Unfortunately, HIPAA compliance isn't a once-and-done process. In addition to the Annual Risk Assessment, policy & procedure reviews, and annual training requirements, HIPAA requires periodic reviews and updates, including:
Review of system access including logs from EHR/Practice Management and system logs.
These logs are to be kept for 10 years.
Staff changes are updated: onboarding, offboarding, and updates to system access by function
Business Associate Agreements - maintained and reviewed
Policies and Procedures - reviewed against actual activity
Quarterly On-Site Meetings with Security Officer
On-Line Staff Training
Portal to verify policies have been reviewed and signed by staff
Periodic training emails and phishing tests
Monthly HIPAA Compliance Services