Annual HIPAA Review for Cybersecurity
The best defense is a good defense! You hear about cybersecurity all the time, and shoring up your defenses and reviewing HIPAA materials on an annual basis are key.
Here is a list of materials to review annually and a brief explanation of each:
Privacy and Security Policies
- All self-insured plans must have a written Privacy Policy detailing your organization’s PHI-related rules and procedures.
- A Security Policy is required to document how your organization will protect ePHI through its policies and procedures.
Risk Analysis
- This is a comprehensive assessment of all business processes where ePHI may be created, received, maintained, or transmitted.
- Regularly evaluating security needs is crucial in maintaining HIPAA compliance and cybersecurity.
Plan Amendments
- HIPAA amendment language must be current! Review and edit when there are regulatory changes, or when you’ve made changes to your Plans or benefits.
Business Associate Agreements
- These should be stored securely and reviewed annually to accurately reflect the business relationship for each Business Associate.
Notice of Privacy Practices
- This should be reviewed regularly to ensure that it reflects your current policies, distributed regularly, and made available to everyone.
Your Workforce Training
- Train staff with access to PHI annually, in response to newly identified cybersecurity threats, or when the business adds, removes, or changes physical or technical infrastructure.
Pro tips!
- Create reminders for assessment, review, and amendments of HIPAA-required documents to help simplify the maintenance process.
- Rely on your team! Include staff responsible for creating and amending documents in regular reviews.
- Be proactive! Once you’ve followed the step-by-step tasks within HIPAA10, you’re set up to simply review and amend your HIPAA documents.
Check out this HIPAA Annual Review Checklist for a printable resource!