Creating a Plan
To begin with, covered entities must create plans that include policies and guidelines that help safeguard the Protected Health Information (PHI) which the organization handles. This includes all forms of PHI such as that which is written, verbal and electronic. As a result, they will have to protect the con?dentiality, integrity, and availability of PHI and electronic (e-PHI). To be fully prepared an entity must also perform a full Security Risk Analysis to assess the health and security of their HIPAA program.
Moreover, a HIPAA compliance plan holds providers and workforce members accountable for protecting PHI. Naturally this occurs through its policies, procedures and guidelines. In addition, the plan also outlines the consequences of a PHI breach or any violation of the policies in the compliance plan. By having a plan in place, it will help mitigate any breaches of PHI that might occur in the future. Finally, HIPAA compliance plans also ensure that all workforce members, which includes employees, physicians, volunteers and trainees are properly trained on how to handle PHI in all of its forms.