The Health Insurance Portability and Accountability Act, commonly known as HIPAA is crucial to the healthcare industry now more than ever. Reviewing HIPAA compliance checklist 2021 is important to ensure your organization complies with HIPAA requirements for the privacy and security of Protected Health Information (PHI). However, navigating through the HIPAA landscape to develop a HIPAA compliance checklist and implement all necessary privacy and security controls can be difficult for organizations unfamiliar with the intricacies of HIPAA rules. To ensure you cover all elements on your HIPAA compliance checklist and leave no stone unturned, we have devised a clear and comprehensive HIPAA compliance checklist for 2021 that covers everything you need to know.
Fundamental Elements of an Effective Compliance Program
HIPAA is a federal law, passed in 1996, issued by the U.S. Department of Health and Human Services (DHHS). HIPAA compliance is the process that business associates and covered entities follow to protect and secure Protected Health Information (PHI and e-PHI). HIPAA compliance is adherence to the physical, administrative, and technical safeguards outlined in HIPP=AA. It sets out new information privacy standards for the protection of medical records and other personal health information. It establishes data security and privacy requirements for the storing and processing of PHI and e-PHI.
HIPAA is overseen by the Department of Health and Human Services (HSS) and is enforced by the Office for Civil Rights (OCR). The Compliance Resource Portal of the HSS Office of Inspector General (OIG) establishes 7 fundamental elements of an effective compliance program. They are:
- Standards, Policies, and Procedures
- Compliance Program Administration
- Screening and Evaluation of Employees, Physicians, Vendors, and Other Agents
- Communication, Education, and Training on Compliance Issues
- Monitoring, Auditing, and Internal Reporting Systems
- Discipline for Non‐Compliance
- Investigations and Remedial Measures
HIPAA Compliance Checklist 2021
Understand the HIPAA Privacy Rule
The HIPAA Privacy rule is something that all applicable organizations need to familiarize themselves with. It explains when and how authorized personnel like healthcare professionals, administrators, lawyers, or anyone else within your healthcare information system can access PHI. HIPAA defines these individuals and organizations as covered entities:
- Health Care Providers such as Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing homes, Pharmacies, Health Plan, Health Insurance Companies.
- HMOs such as Company health plans and Government-provided health care plan
- Health Care Clearinghouses that process healthcare data from another entity into a standard form.
Perform annual Audits and Assessments
Next, you’ll need to regularly perform internal audits and security assessments:
- Determine which of the required annual audits and assessments apply to your organization and conduct them.
- Document any issues or deficiencies and create remediation plans to address the same.
- Implement the plan, review the results and repeat the process if the desired results were not achieved.
Implement Data Safeguards
Make sure that you have implemented data safeguards to protect data integrity, availability, and confidentiality.
- Implement technical safeguards by ensuring ePHI encryption, implementing integrity controls, auditing, and appropriate access controls, authorization and authentication.
- Implement physical safeguards by ensuring proper document disposal, workplace security, and mobile device and media controls.
- Implement Administrative Safeguards by crafting contingency plans to preserve critical business operations during emergencies.
Keep Check on all Business Associates
You need to regularly check that all your business associates are in compliance with HIPAA regulations.
- Identify all the business associates who may receive, transmit, maintain or have access to sensitive PHI or e-PHI records.
- Draft a Business Associate Agreement and make sure it is in place with each business associate.
- Document all your transactions with them to prove your due diligence regarding your business associates.
Provide Adequate Employee Training
This is one of the important points in the HIPAA compliance checklist for 2021. You need to provide adequate cybersecurity training to all employees and educate them on the importance of HIPAA compliance.
- Give all the staff members basic HIPAA compliance training and document it.
- Ensure all staff members read and attest to all the HIPAA policies and procedures.
- Develop disciplinary policies and procedures in case of privacy violations.
Procedure for security incidents
Establish standard processes, systems, and procedures for security incidents or breaches.
- Establish standards and guidelines for data mitigation as well as disciplinary policies in case of a security breach.
- Establish a method to report all breaches and incidents that impact the security of PHI.
- Establish procedures for notifying patients and the media about the breaches.
Be on the Lookout for HIPAA Changes
HIPAA compliance changes take place regularly, so you need to keep abreast of new HIPAA developments.
- Regularly check HHS CSC Newsroom or HIPAA Journal Website for updates related to HIPAA privacy rules.
- You can also work with a compliance partner to ensure you comply when new updates arrive.
Take Covid into Consideration
With the COVID-19 pandemic changing the healthcare landscape, there is a grave opportunity for HIPAA compliance mistakes. So, it is crucial to know how COVID affects HIPAA.
- Take COVID-19 into account in the cybersecurity, physical security, and compliance aspects of your business that might be affected.
- Review existing procedures and policies to find vulnerabilities in your data protection practices that may have been caused due to COVID.
- Education and train your employees regarding work-from-home best practices.
Failure to comply with HIPAA regulations can result in substantial fines being issued. The penalty for a single violation for non-compliance can reach up to $50,000 based on the level of negligence. Additionally, a maximum penalty of $1.5 million per year can be assessed for violations of an identical provision. These heavy fines can even shut an organization’s door forever. Using our HIPAA compliance checklist to make sure all aspects of HIPAA are covered will help you protect and secure your HIPAA-protected data.
At Intone, we don’t just help you meet the regulatory requirements for the sake of compliance, we help you build a solid security program and strategy that you can adapt. With Intone’s HIPAA-compliant solutions, you gain the speed, flexibility, and features to deliver new services that can help you keep pace with the rapidly evolving healthcare ecosystem. Let us help you deliver more efficient, effective, and affordable healthcare.