HIPAA Compliance Checklist: What Employees Need to Know

In the realm of healthcare, HIPAA compliance is always a key character in how it’s stored, shared, and handled. As an organization, you may have HIPAA compliance standards in place, but are your employees following or aware of the rules? Employee training and education are critical to adherence, so if you aren’t sure what your employees know, start with this HIPAA compliance checklist.

HIPAA Compliance Is Complex but Should Be Standardized

While the provisions and language of the law are quite complex, adhering to it doesn’t have to be complicated. Unfortunately, the number of complaints continues to trend up. In the past four years on record, the total cases have increased steadily, with a total of 25,089 for 2018, according to the Office of Civil Rights (OCR).

HIPAA was designed to set up industry-wide standards regarding PHI to protect patients and reduce fraud and abuse. Every employee has a role to play in HIPAA compliance, and training and education should be a part of everyone’s onboarding. Employees can often be the “weak” link in breaches or security incidents—the more they know, the less likely they’ll be to make such errors.

The Employee HIPAA Compliance Checklist

• Does every partner that you share PHI with have a valid Business Associate Agreement (BAA)? Employees must be aware of the importance of a BAA before entering into partnerships.
• Have you assessed your risk? To evaluate risk and audit your processes, you should follow the National Institutes of Standards and Technology (NIST) guidelines. When you find weaknesses, your team then needs to develop a remediation plan to address them.
• Are your PHI policies distributed and communicated? To ensure that all employees handle PHI appropriately, you must have procedures in place, and they need to be accessible. You have to do more than just hand them a document. You must track and document that they have read and understood them.
• Do you have a HIPAA training plan? Every employee should undergo training on HIPAA. Educating and empowering your team with knowledge not only keeps your company compliant but makes them mindful of all their interactions with protected data. You’ll also want to document the training process and continue to improve it as regulations change, and your company grows. 
• Do you have an incident response plan? Breaches in healthcare data are a regular occurrence. While you hope it doesn’t happen to you, you must have a plan to respond to an incident. This plan needs to be communicated to all parties, so they know their roles. Be prepared to mitigate and contain the risk.

Be HIPAA Ready with Every Transaction

Your employees are your most valuable assets, but human error is still the leading cause of HIPAA noncompliance. By using this HIPAA compliance checklist, you can reduce risk and ensure that PHI is safe and protected.