HIPAAcompliance

Implementation Summary:
25-Point Action Overview

1. Establish the objectives for the HIPAA Compliance Plan

2. Determine the best means to achieve the objectives

3. Set up a HIPAA Task Force, composed of your HIPAA Compliance Leader and appropriate departmental teams

4. Identify and train key staff in each department where systems, services, or information is impacted

5. Conduct HIPAA Impact Analysis

6. Determine HIPAA compliance need for each information system

7. Develop a resource impact analysis for each non-compliant system

8. Devise an action plan to bring all systems to compliance

9. Devise corresponding budget

10. Communicate findings to Executive Team / Board of Directors

11. Gain approval for action plans and budgets

12. Create a communications plan to enable regular feedback on progress and impact of compliance activities on day-to-day activities

13. Establish system priorities

14. Develop alternatives for non-compliant systems

15. Develop implementation schedule with projects approved by the HIPAA Task Force

16. For each project, identify necessary resources and develop detailed project plan, including project milestones

17. Implement plan and regularly report progress

18. Test and validate compliance of each remediated system

19. Implement remediated systems

20. Complete all related documentation

21. Update policies and procedures

22. Communicate results, internally and externally

23. Retrain users, and devise ongoing training program

24. Design monitoring and enforcement program

25. Conduct regular, comprehensive audits