38 HIPAA Compliance Requirements
There are four groups of rules every HIPAA covered entity (and its business associates) MUST follow to be HIPAA compliant:
- Privacy Rules
- Security Rules
- Breach Notification Rules
- Enforcement Rules
The HIPAA Privacy Rule identifies when protected health information (PHI) may be used and disclosed. PHI covers information about an individual's past, present, or future physical or mental health or condition, the provision of health care to that individual, and payment for that care.
The Security Rule covers the administrative, physical, and technical safeguards you must implement for electronic PHI (ePHI). This includes ensuring the confidentiality, integrity, and availability of ePHI, protecting against reasonably anticipated threats through risk analysis and risk management, and ensuring your workforce complies with the rule.
The Breach Notification Rule requires you to alert relevant parties when unsecured PHI is breached. Relevant parties are the affected individuals, the Secretary of HHS, and, for breaches affecting more than 500 residents of a state or jurisdiction, prominent media outlets serving that area. A business associate that discovers a breach must notify the covered entity.
Notifications must be provided without unreasonable delay and no later than 60 days after the discovery of a breach. Breaches affecting 500 or more individuals are reported to HHS within that same 60-day window; breaches affecting fewer than 500 individuals may be logged and reported to HHS annually, within 60 days of the end of the calendar year in which they were discovered.
The Enforcement Rule sets out how HHS conducts compliance investigations, how civil money penalties are determined, and the procedures for hearings.
To make sure you're in compliance with all of the above, check off all 38 compliance measures in the checklist below.
HIPAA Compliance Checklist PDF (38 Guidelines)
The following checklist contains six major compliance items. Each one has a list of tasks to complete to ensure compliance. In total, there are 38 HIPAA compliance measures to check off.

| HIPAA compliance measure |
| --- |
| The entire facility is HIPAA compliant |
| Employees and business associates are aware of and in compliance with HIPAA rules |
| Computer and device usage is compliant |
| ePHI usage is compliant |
| Breach safeguards and procedures are in place |
| Breaches are reported as required by HHS |