| 708-448-8178 | karebilling@sbcglobal.net |  Palos Park, Illinois  |

  COMPLIANCE TO-DO LIST

By now, most of you have established a Health Insurance Portability and Accountability Act (HIPAA) task force and designated a security officer and privacy officer to address the issues that your organization must face in the coming months. The list of issues that must be addressed is long and complicated, and it's important that none are left off. Make sure the following issues are included in your HIPAA compliance to-do list.

  • Encrypt protected health information (PHI) policies and procedures
  • De-identify PHI policies and procedures
  • Create a policy for "minimum necessary" PHI to be released
  • Develop and inventory qualified business associate contracts and consent forms
  • Develop strategies for dealing with litigation and mitigating potential litigation
  • Develop a plan for the physical location and media storage for PHI
  • Write policies and procedures regarding who, when and where PHI can be discussed
  • Write policies and procedures related to breaches of privacy and security
  • Determine how, when and where security breaches might occur
  • Install an electronic audit trail capability for PHI stored and accessed electronically
  • Ensure that your vendors have undergone a Statement on Auditing Standards for Service Organizations (SAS70) audit
  • Determine if your trading partners are prepared for HIPAA

These are just a few of the items you probably have not had a chance to address. Add these items to your to-do list and put a deadline date next to each one. Adding a deadline ensures it gets done!

Hank Vanderbeek, MPA, CIA, CFE   IRP, Inc.  http://www.irp.com

Copyright © 2006-2009 Karebilling Services, Inc.