How to make Policies and Forms available to the HIPAA Compliance Officer

The HIPAA Compliance Officer should be familiar with all the policies and forms included in your package. It is recommended to download your package and extract all files. Below are some files that you may want to keep close at hand, in addition to the files made available to employees.

Step 2: Security Incident Procedures and Breach Notification Plan

         Security Incident Policy

         Security Incident Plan

         State Law Requirements

         Security Incident Report – Breach Notification Report 

Step 3: HIPAA Policies and Procedures

         Employee (Workforce) Security – Clearance and Termination Policy

         Workstation (Inventory) Security Policy

         Patient Information Blocking Policy

         Social Media Policy

Step 4: HIPAA Forms and Documentation

         Employee (Workforce) Clearance Checklist

         Employee (Workforce) Termination Checklist

         HIPAA Security Reminder Log

         Information Activity Review Forms (if you do not receive reports from your IT department or download access logs from your EHR)

         Patient Notice of Privacy Practices (post in waiting area and on website)

         Patient Notice of Conscience Rights (post in waiting area and on website)

         Patient Notice of Good Faith Estimate (post in waiting area and on website)

         Patient Notice of Non-Discrimination - Language Assistance (post in waiting area and on website)

         Patient Notice for Rights Against Surprise Billing (post in waiting area and on website)

         Social Media and Marketing Agreement

Step 6: Contingency Plan

         Contingency Plan (even if you have one from your IT vendor, you must know how to respond to emergencies and disasters)

Step 7: Information, Laws, and Resources

         Review each area to choose what to download. This Step contains a wealth of information to help you understand the laws and share them with the staff.

