Program Management

Individualized Programs as Required

Your HIPAA program must be customized to the individual needs of the healthcare organization. Though the organizational requirements address all the same HIPAA standards, a customized program addresses them in ways that are unique to your individual healthcare organization.

Dedicated Certified HIPAA Compliance Advisor
  • Your healthcare organization will be assigned an individual with a thorough knowledge of the HIPAA Privacy and Security Rules and the solutions available that will help your healthcare organization develop a HIPAA compliance program.
  • Once a HIPAA compliance program has been developed, your Certified HIPAA Compliance Advisor will document the progress towards its implementation. In order to achieve this, you will have access to a system that enables monitoring of the status of the organization's HIPAA compliance.
  • The system will allow the healthcare organization to prioritize efforts towards compliance and communicate relevant priorities. It will also provide a mechanism through which compliance concerns can be raised and organizational changes coordinated.
  • Your Certified HIPAA Compliance Advisor will develop training programs and training courses specific to your healthcare organization. These will be designed to help your workforce understand HIPAA compliance and how any operational changes needed will affect their specific duties.
  • Your Certified HIPAA Compliance Advisor will ensure that the healthcare organization provides regular HIPAA training for the workforce. This includes training for all new members when they come on board and also annual refresher training. Additionally, some individuals might require specific types of training. For example, those managing IT and information systems will need to be trained on handling PHI as it relates to their tasks.
  • Your Certified HIPAA Compliance Advisor will also research any state laws which apply and require compliance. For example, workforce members in Texas need training in the HB 300 regulation.
  • Your dedicated Certified HIPAA Compliance Advisor will monitor ongoing federal and state regulatory requirements. When new regulations or guidelines are introduced, your Certified HIPAA Compliance Advisor will adjust the organization's HIPAA compliance program to reflect the changes.
  • Your Certified HIPAA Compliance Advisor will assist with establishing Breach Notification Protocols for your healthcare organization. HIPAA requires covered entities to report all breaches to the government and to notify patients whose personal data might have been compromised. The protocols will help meet the requirement to have a documented breach notification process that outlines how the organization will comply with this rule.
  • And much, much more.

Your Certified HIPAA Compliance Advisor will assist your healthcare organization with documenting all HIPAA compliance efforts. This will include privacy and security policies, risk assessments and self-audits, remediation plans, and staff training sessions. Note that OCR will likely review all this documentation during HIPAA audits and complaint investigations.

A Comprehensive HIPAA Review

An initial review and then periodic reviews will be conducted, including:

  • Review your privacy policy to ensure that patients understand why you are collecting their information and what you plan to do with it.
  • Review your third-party business agreements to make sure they require HIPAA-compliant handling of PHI.
  • Information system activity reviews include the implementation of procedures to regularly review records of information system activity, including audit logs, access reports, and security incident tracking reports. Note that HIPAA requires you to maintain these logs for at least six years.
  • HIPAA access and system audit logs. Auditors will validate that you meet requirements for log maintenance (at least six years), the information recorded (system activity including audit logs, access reports, and security incident tracking reports), and daily review.
  • And many other required reviews.

HIPAA Compliance Policies

Becoming HIPAA compliant requires more than simply following the HIPAA Privacy and Security Rules. Your healthcare organization must also prove that it's been proactive about preventing HIPAA violations by creating privacy and security policies.

These policies must be documented, communicated to the workforce, and regularly updated. Everyone must be trained on HIPAA policies during orientation and at least once a year, and they must attest in writing, or ideally through testing, that they understand all HIPAA policies and procedures.

HIPAA Compliance Guidance

HIPAA Compliance Guidance: All Your Questions Answered

Your Certified HIPAA Compliance Advisor will answer all of your HIPAA compliance questions. Whether your program is established or just beginning the process of becoming HIPAA compliant, your Certified HIPAA Compliance Advisor will guide you through the steps you must take to comply with the law. They will explain every aspect of HIPAA, including information about why you need to be HIPAA compliant, who enforces HIPAA, what happens when a healthcare organization violates HIPAA, and what must be done to become and remain HIPAA compliant.

You will receive extensive and comprehensive HIPAA information. In the process, you will gain a complete understanding of the law and know how to find the specific information you need.

Workforce Training and Education
  • Your Certified HIPAA Compliance Advisor will ensure that the healthcare organization provides regular HIPAA training for the workforce. This includes training for all new members when they come on board and also annual refresher training. Additionally, some individuals might require specific types of training. For example, those managing IT and information systems will need to be trained on handling PHI as it relates to their tasks.
  • Your Certified HIPAA Compliance Advisor will also research any state laws which apply and require compliance. For example, workforce members in Texas need training in the HB 300 regulation.

PEACE OF MIND

Simplify compliance and operate your healthcare organization with confidence in your HIPAA compliance.

Your healthcare organization will receive support to achieve, demonstrate and maintain HIPAA compliance.

  • Be ready at all times in case of a random or complaint-based OCR/CMS audit.
  • Protect your practice and reduce risk.
  • Focus on patients instead of on HIPAA.

Enjoy peace of mind with demonstrable HIPAA compliance.