“Scramble — it’s compliance time!” Words to this effect are uttered in the hallways of many offices as HIPAA-covered entities begin a mad dash toward ensuring that their business practices are compliant with the Health Insurance Portability and Accountability Act (HIPAA). Such efforts might be tied to an annual risk assessment, board meeting or other event that triggers a compliance review, but are usually characterized by a period of mild panic as staff members verify that the organization is meeting its HIPAA obligations.

As covered entities around the nation settle in to the HIPAA Omnibus Rule 2013 that went into effect last September, it’s an excellent time for an organization to question its own compliance practices. Are you guilty of the last-minute annual scramble? If so, consider whether your organization’s information security practices allow it to comply with HIPAA’s security provisions on a continuous basis, rather than performing a once-a-year health check. This continuous compliance approach reduces the risk of protected health information (PHI) being breached, as well as minimizing the stress on teams charged with maintaining HIPAA compliance.

Read the full story: After HIPAA Omnibus Rule 2013: How to implement continuous compliance

Published 4/3/2014 on SearchSecurity.com