HIPAA Compliance Report

Now that management has all the necessary tools at their disposal, they need to make a decision as to what best suits their organization’s needs. Regola and Chawla (2013) suggest that there needs to be a certain method to the approach of creating HIPAA compliant controls, which starts with Risk Analysis and Management, then flows to Administrative Safeguards, followed by Physical Safeguards, and finally Technical Safeguards (Regola & Chawla, 2013). To begin with, they suggest that a check needs to be performed with regards to the probability and impact of any perceivable risk to the data stored. Once the analysis has been done and risks have been identified, safeguards should be implemented and a risk analysis and management plan has to be drafted. Next, they propose that appropriate security measures need to be put in place to mitigate risks. …show more content…
For this, the official needs to adhere to the Privacy and Security Rules and make sure that access to information is granted to various roles and designations, as deemed necessary. Furthermore, they will need to arrange for sessions, educating their workforce about the sensitivity of the data they will be handling, and the correct way of working with ePHI. Subsequently, the official will need to make sure that his department has enabled “Facility Access and Control” and “Workstation and Device Security” (Regola & Chawla, 2013). As a last step, the technical safeguards such as access control, audit controls, integrity controls, and transmission security need to be prepared. Best practices would entail the review and update of all policies and protocols on a regular