Complying with HIPAA’s privacy and security requirements can be complex and overwhelming. But the Department of Health and Human Services does provide some helpful guidance. Here’s a list of resources we found that might help you understand what’s required and plan your security programs:
1. HHS Security Rule guidance materials
This web page offers links to a series of educational papers addressing security requirements under HIPAA and specific HIPAA security guidance documents and publications by the National Institute of Standards and Technology (NIST)—a federal agency setting computer security standards for the government.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html
2. HIPAA combined regulations
This is a link to a document containing the HIPAA privacy and security regulations, current through March 2013. If you rely on this document, check whether any of the regulations have changed since March 2013.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/combined/hipaa-simplification-201303.pdf
3. NIST HIPAA Security Rule Toolkit
This is a downloadable resource prepared by NIST to help organizations comply with the HIPAA Security Rule.
4. Guidance on risk analysis requirements under the HIPAA Security Rule
This is a HIPAA Guidance document specifically addressing the risk analysis that must be performed to comply with the HIPAA Security Rule.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf
5. HIPAA Security Guidance on remote use
This is a HIPAA Guidance document specifically addressing remote or offsite access to covered entities’ electronic PHI, including use of portable devices by staff who aren’t telecommuters but have a need to access data when they are away from the office.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf
6. Database of breaches
This web page provides a listing of self-reported security breaches of unsecured PHI that affect 500 or more individuals and were reported to HHS.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html