Find out what you need in order to implement a HIPAA Compliance Plan in your office.

Maybe your organization is new, and you’re just starting on the road to HIPAA Compliance, or maybe you have been working in the field for a while and seen HIPAA change throughout the years but still find yourself struggling with the requirements for protecting electronic Protected Health Information (ePHI). Regardless of your situation, the question you need to be able to answer to be HIPAA compliant is: “How do I implement a HIPAA Compliance Plan?”

In order to answer that, you need to understand a little more about the implementation specifications of HIPAA, specifically what standards are required and what are addressable. A required implementation specification is just like you’d guess: required, meaning you absolutely must implement that specification; there is no getting around it.

The addressable standards are a little tougher. For those standards, you have to determine what is feasible for your office. Many of the addressable specifications will come down to your budgetary constraints. Others deal with issues pertaining to certain types of knowledge or skillsets, such as Information Technology, that your team may be lacking. In each of these addressable situations, your organization must document how you are addressing the specifications: accepting the risk for now, working to find a different way to meet the standard, etc. The Office for Civil Rights (OCR) will want to see that documentation if you are audited.

To make your life easier, we’ve taken the time to break down which implementation specifications are addressable and which are required. Let’s start with the Administrative Safeguards:HIPAA Compliance Plan

Check out HIPAAgps’s next post for more information on the other Safeguards. If you’re ready to start meeting these HIPAA standards, sign up with HIPAAgps today to get started on your risk assessment and HIPAA Compliance Plan! We provide tools to help you and other health care organizations meet all of the standards listed in the HIPAA required- and addressable-specifications table.