Help with HIPAA Compliance
Helping you understand the complexities of compliance under the HIPAA Security and Privacy Rules. Our team of experts in regulatory compliance can answer any questions you may have.
Colington Consulting

5 Tips from a HIPAA Consultant

5/29/2015 4:44:02 AM

by Jay Hodes, President - Colington Consulting

I always make it a point to educate healthcare providers (Covered Entities) and those designated as Business Associates who are trying to understand the complexities of HIPAA compliance.  No matter what your involvement with HIPAA regulatory requirements is, it can be a nightmare for some to figure out exactly what it is the government wants you to have in place as far as the proper safeguards to protect health information. 

Although there is a lot to cover when it comes to HIPAA compliance, here are five tips to consider:

  1. Provide Education, Security Awareness and Training – In order for your workforce to understand how to follow HIPAA compliance requirements, they must be educated and trained on all the requirements.  It is good to cover privacy and security safeguards and imperative to conduct HIPAA Security Awareness Training, which is an annual regulatory requirement.  Some type of training program must be in place, along with records that confirm who took the training and the date.


  2. Have a Strong HIPAA Sanction Policy – Think of it as the office disciplinary policy.  Appropriate sanctions must be in place so that the entire workforce understands the consequences of failing to comply with HIPAA privacy and security policies and procedures in order to prevent a breach of patient records from occurring.  Having a Sanction Policy is a requirement of the HIPAA Security Rule.


  3. Conduct an Internal Compliance Review – An internal compliance review ensures that all HIPAA-related policies, procedures and guidelines are adequate and in place.  The review can also determine any inadequacies to be addressed.  Use a comprehensive checklist to complete the review.  But remember, a checklist does not replace the requirement to conduct a HIPAA Risk Assessment, which must be done on an annual basis.


  4. See What Others Have Done Wrong and Learn from Their Mistakes – If you have never checked out the HHS Breach Notification Portal, then do so.  You will probably be amazed by the number of reported breaches.  Even if a breach was unintentional, there should have been proper safeguards in place that may have prevented the breach.  Unencrypted lost or stolen laptops and other portable media devices, like USB thumb drives, lead the list of how protected health information can be compromised.


  5. Prepare for an Audit – If your organization or business prepares as if any day now a letter is going to arrive from HHS indicating you have been identified for an audit, then it should be easier to have the compliance requirements in place and tamp down any concerns.  I can tell you from experience, if you do not have all the HIPAA requirements in place, there is no way an organization can be prepared for an audit in a short amount of time.  HHS will look for specific dates for items, such as when an access audit was conducted and when a HIPAA Risk Assessment was conducted, as well as entry dates on a maintenance record log.


Pre-audit notifications are underway by HHS.  Now is the time to prepare. If you are a Covered Entity or Business Associate, you are mandated by Federal law to meet all the requirements of the HIPAA Security and Privacy Rules.
