HIPAA Overview Series: Confidence through Compliance




HIPAA Compliance is complicated enough even if you do speak tech.  How can you prioritize all the required tasks and procedures you need to implement to protect electronic data when you have important patients to attend to?  We know it can be overwhelming and confusing if you don’t have expert support to make sense of it all.


Each day brings another headline regarding HIPAA violations and the impact data breaches are having on the Healthcare Industry – or any other industry for that matter.  Now more than ever, healthcare organizations must understand the intricate moving parts of HIPAA regulations and what it takes to be compliant.  Any company that handles protected health information (PHI) requires a series of physical, network, and process security measures to remain HIPAA compliant. Failing to do so can result in hefty fines that compromise the health, credibility, and reputation of your business.


The quick overview of HIPAA


Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996 to set the standard for protecting sensitive patient data. This piece of legislation:

Mandates standards for healthcare information on electronic billing and other processes.

Reduces healthcare fraud and abuse.

Requires the protection and confidential handling of protected health information.

Enables the transfer and continuation of health insurance coverage for millions of Americans and their families when they change or lose jobs.


The Framework Communications team of healthcare IT, compliance, and security specialists guides your practice through the implementation process, taking the stress out of managing compliance. We understand the intricate extent of HIPAA regulation and help you stay productive and compliant with a cost-effective suite of managed technology services as unique as your practice and patients.


Understanding HIPAA requirements is the first step toward compliance. Framework delivers a proven and effective methodology to protect your practice against data breaches and HIPAA violations. Each aspect is customized to align organizational goals with the needs of your practice.


Compliance Audits – HIPAA requires you to conduct annual audits of your practice to assess Administrative, Technical, and Physical gaps in compliance with HIPAA Privacy and Security standards.

Remediation Plans – Once you’ve identified gaps, you must implement remediation plans to reverse any potential HIPAA violations.

Policy & Procedure Training for Employees – To avoid HIPAA violations, you’ll need to develop Policies and Procedures corresponding to HIPAA regulatory standards. Annual staff training on these Policies and Procedures is also required.

Documentation – Your practice must document efforts you take to become HIPAA compliant. This documentation is critical during a HIPAA investigation with HHS.

Business Associate Management Agreements – You must document all vendors with whom you share PHI and execute Business Associate Agreements to ensure PHI is handled securely and mitigate liability.


Not sure if you’re compliant? Framework can help guide you through the next steps with a complimentary HIPAA Risk Assessment.


Take a look at this checklist to get a better idea of where your business currently stands in regard to compliance efforts.



Have you conducted the following Audits and Assessments?

  • Security Risk Assessment
  • Privacy Assessment
  • Administrative Assessment


Have you identified all deficiencies discovered during the audits?

  • Have you documented all deficiencies?
  • Have you created remediation plans to address deficiencies for the following?
      • Security Risk Assessment
      • Privacy Assessment
      • Administrative Assessment


Do you have Policies & Procedures in place in regard to the HIPAA Privacy, Security, and Breach Notification Rules?

  • Have all staff members read and attested to the Policies and Procedures?
  • Do you have documentation of their training?
  • Do you have documentation for annual reviews of your Policies and Procedures?


Have all staff members undergone basic HIPAA training?

  • Do you have documentation of their training?
  • Is there a staff member designated as the HIPAA Compliance, Privacy, and/or Security Officer?


Have you identified all Business Associates?

  • Do you have Business Associate Agreements in place with all Business Associates?
  • Have you audited your Business Associates to ensure that they are HIPAA compliant?
  • Do you have reporting to prove your due diligence?


Do you have a management process in place in the event of incidents or breaches?

  • Do you have the ability to track and manage the investigations of all incidents?
  • Are you able to demonstrate that you have investigated each incident?
  • Are you able to provide reporting of minor or meaningful breaches or incidents?
  • Do your staff members have the ability to anonymously report an incident?
  • AUDIT TIP: If audited, you must provide all said documentation in an eligible format to auditors.



If you don’t feel confident, call the HIPAA Compliance Experts at Framework for your complimentary HIPAA Risk Assessment today and let’s get that stress down to a manageable level.
