Steps to HIPAA Compliance

Establish a Secure ePHI SystemHIPAA Compliance

  • Select an Electronic Health Records System (EHR)
  • Establish written policies and procedures
  • Define internal controls to safeguard the patient data

Assess the System and Data Risks

  • Comprehensive analysis of all systems and data risks
  • Determine existence and adequacy of written policies and procedures
    -Administrative matters
    -Technical systems
    -Physical environment
  • Determine whether policies are actually enforced/review written documentation of such facts
  • Examination of documents (eg)
    -Contracts (HIPAA compliance assurance by suppliers)
    -Personnel documents – Hiring, Termination, Disciplinary
  • Identify and evaluate risks to the patient data
  • Identify and report system threats and vulnerabilities

Setup up a system of reassurance activities to ensure ongoing compliance with policies

  • Eg – periodic updates of access passwords
  • Reinforcement of employment responsibilities regarding patient data
  • Assurance of license and CE renewals

Periodic Reassessment

  • As a minimum – Annually
  • Additionally when the practices undergoes a material change

Meaningful Use and CQM’s

  • Use the EMR software to produce all needed reports in PDF form
  • Store those reports as backup for certifications
  • File certifications and reports related to selected Meaningful Use requirements and required CQM data


For your free HIPAA Compliance consultation, fill out the form on the right or call us at (858) 225-7367.

Leave a Reply

Your email address will not be published. Required fields are marked *