HIPAA compliance checklists

Douglas Crawford writes:

The HHS Office of Inspector General (OIG) offers a Compliance Resource Portal that establishes the “seven fundamental elements of an effective compliance program.” These elements are:

  1. Standards, Policies, and Procedures
  2. Compliance Program Administration
  3. Screening and Evaluation of Employees, Physicians, Vendors, and other Agents
  4. Communication, Education, and Training on Compliance Issues
  5. Monitoring, Auditing, and Internal Reporting Systems
  6. Discipline for Non-Compliance
  7. Investigations and Remedial Measures

Here’s another:

Desk audits are remote audits, where covered entities and business associates are asked to submit their documentation via the OCR’s secure web portal. Physical audits involve the OCR turning up at your workplace to inspect your HIPAA compliance provisions. They are often made in response to a lack of cooperation when an entity is asked to submit a desk audit, but also include the impromptu phase 3 on-site audits discussed above.

These are tough and bureaucratic and drive up the costs of aligning with the norm, yet still breaches happen. It appeared on the ProtonMail blog and I believe they are going to make a major marketing push towards the enterprise sales pitch. I don’t endorse their service, but this was an interesting lowdown from the policy perspective.
