HIPAA, which stands for Health Insurance Portability and Accountability Act, was established in 1996. This important legislative act affects many areas of the healthcare industry, but is best known for protecting the privacy of patients and ensuring that all patient data remains secure.
While the primary functions of HIPAA remain the same, the Act continually evolves to suit the ever-changing healthcare industry. This means that healthcare entities must also adapt by updating their HIPAA compliance program on a routine basis. Take a look at this HIPAA compliance checklist for 2020 to see how your business measures up to current HIPAA regulations.
Primary Components Of HIPAA
HIPAA guidelines help establish the many responsibilities for BAs and CEs in relation to the healthcare data of patients. All responsibilities align with the various rights that are granted to patients to protect their privacy and healthcare records.
HIPAA consists of five main components. These components include the following:
- HIPAA Title I. This component makes it possible to maintain coverage when employment changes while on a group plan. Title I also make it unlawful for group insurance plans to deny individuals because they do not want to build lifetime maximums into their contracts.
- HIPAA Title II. This component establishes national standards by the U.S. Department of Health and Human Services for the processing of electronic healthcare transactions. The title also requires healthcare organizations to use secure electronic access to healthcare data.
- HIPAA Title III. This component covers new tax rules that relate to healthcare treatment.
- HIPAA Title IV. This component discusses details on reform of insurance law, along with protections for people with pre-existing conditions and people who want to maintain their health insurance.
- HIPAA Title V. This component provides guidelines for life insurance policies owned by companies, as well as how to handle certain income tax scenarios in which U.S. citizenship is revoked.
Meeting 2020 HIPAA Standards
With HIPAA audits and healthcare breaches on the rise, remaining in compliance with HIPAA has never been more important. By using a HIPAA compliance checklist to see where your business stands, you can help ensure that your company remains in compliance with HIPAA in 2020. The HIPAA compliance checklist for 2020 is as follows:
Annual Self Audits
Has your business conducted the six required annual self-audits? For business associates (BAs), there are five. These annual self-audits include:
- Security Standards Audit
- Security Risk Assessment
- Physical Site Audit
- HITECH Subtitle D Audit
- Privacy Assessment (not required for BAs)
- Asset and Device Audit
Has your business used the annual self-audits to identify possible gaps? Have these possible identified gaps been documented?
Has your business created remediation plans designed to address the identified gaps? If so, were these remediation plans documented in writing, and are they reviewed and updated at least once a year? Have you retained the remediation plans in your records for a minimum of six years?
Have all of your employees completed their HIPAA training for the current year? This training should be completed annually. In addition, do you have documentation that proves that HIPAA training was completed? Does your company have a designated HIPAA compliance, security, or privacy officer?
Policies & Procedures
Has your business developed policies and procedures that apply to your business practices and contain information regarding HIPAA security, privacy, and/or breach notification rules? In addition, have all of your employees legally attested to these policies and procedures, and is there documentation to prove this attestation? Your business should also have annual reviews of all policies and procedures.
Identifying Associates & Vendors
Has your business identified business associates and vendors, and have these individuals provided signatures for business associate agreements? Does your business review and track business associate agreements at least once a year? Does your company have confidentiality agreements with vendors?
Incident Response Plan
Does your business have an incident response plan in place that has a clear and concise process outline for breaches? Does your company have the ability to accurately track and manage incident investigations? Do your employees have the ability to report incidents anonymously? Also, be sure that your company is able to provide all required reports relating to incidents and breaches.
Inquire About PEO Consulting Services
As HIPAA rules and regulations continue to change year after year, it can be challenging to keep up with these changes and make the necessary adjustments to business plans. To help ensure that your company remains HIPAA compliant without having to spend excessive time or resources on compliance, consider acquiring PEO’s consulting services. For more information about the importance of remaining in compliance with HIPAA in 2020 or to request a quote for PEO consulting services, contact the experienced PEO consultants at BenefitCorp.