by WettowelReactor 4286 days ago
This is all great advice. I would just strongly emphasize that HIPAA compliance has significantly more to do with the soft guidelines than with meeting technical specifications.

Part of what makes HIPAA compliance challenging from a techie's perspective is that there are very few proscriptive rules. A lot of the implementation is left up to the provider to allow flexibility, but the justification for all those decisions needs to be defensible.

A couple of last items I would add: not only do you need a BAA with any service provider you use, you will also need one for any contractor who has access to PHI you are responsible for. As of the latest set of rules, this also applies to any subcontractors that your contractors may use.

You will also need named privacy and security officers who are responsible for the overall program; they will be the first ones HHS and OCR ask for should you be audited.