Annual HIPAA Review for Cybersecurity

The best defense is a good defense! You hear about cybersecurity all the time, and shoring up your defenses and reviewing HIPAA materials on an annual basis are key.

Here is a list of materials to review annually and a brief explanation of each:

Privacy and Security Policies

    • All self-insured plans must have a written Privacy Policy detailing your organization’s PHI-related rules and procedures.
    • A Security Policy is required to document how your organization will protect ePHI through its policies and procedures. 

Risk Analysis

    • This is a comprehensive assessment of all business processes where ePHI may be created, received, maintained, or transmitted.
    • Regularly evaluating security needs is crucial in maintaining HIPAA compliance and cybersecurity.

Plan Amendments

    • HIPAA amendment language must be current! Review and edit when there are regulatory changes, or when you’ve made changes to your Plans or benefits. 

Business Associate Agreements

    • These should be stored securely and reviewed annually to accurately reflect the business relationship for each Business Associate.

Notice of Privacy Practices

    • This should be reviewed regularly to ensure that it reflects your current policies, distributed regularly, and made available to everyone.

Your Workforce Training

    • Train staff with access to PHI annually, in response to newly identified cybersecurity threats, or when the business adds, removes, or changes physical or technical infrastructure.

Pro tips!

  1. Create reminders for assessment, review, and amendments of HIPAA-required documents to help simplify the maintenance process.
  2. Rely on your team! Include staff responsible for creating and amending documents in regular reviews.
  3. Be proactive! Once you’ve followed the step-by-step tasks within HIPAA10, you’re set up to simply review and amend your HIPAA documents.

Check out this HIPAA Annual Review Checklist for a printable resource!
