How To Do A HIPAA Risk Assessment – Part 3

Once you have a complete inventory of all hardware used to access, store or transmit protected health information (PHI), you can create the necessary policies and procedures for your practice.

The HIPAA Security Rule requires practices to adopt and implement reasonable and appropriate policies and procedures.

We can help your practice get up to date and prepared to minimize breach risks from employees and third-party vendors. Subscribe to our blog to stay current on important matters that will impact your practice.

The OCR will inspect your practice’s policies and procedures during an audit. This means that your policies and procedures must be complete and up to date if you want to avoid severe penalties.

Policies and procedures are also important because they help to avoid breaches by ensuring that proper security methods are in place. They are also essential in the face of a breach, because they instruct your staff on how to respond.

What types of policies and procedures are required by HIPAA?

Your practice must develop a full set of policies and procedures. Some necessary policies include:

  1. Policies on training,
  2. Policies on sanctions for violations,
  3. Policies on access of ePHI and PHI,
  4. Policies regarding breaches and disaster management,
  5. Policies on backups and encryption, and
  6. Policies on social media.

Your policies and procedures should also include required forms and agreements, such as your staff Confidentiality Agreement, and your Business Associate Agreements with any vendors or service partners.

HIPAA requires that these policies and procedures be reviewed periodically and updated in response to any changes that may affect the security of electronic protected health information (ePHI).

Practices must retain their written policies and procedures for six years from the date of their creation or the date they were last in effect, whichever is later.

We can craft HIPAA compliance policies that are tailored to your practice’s specific needs. Contact us today!

Visit the blog next week for Part 4 of this multi-part series.

We publish vital information on health law topics and news every Wednesday and Friday. To get this important information delivered directly to your mailbox, subscribe to the blog.

P.S. If you or your patients are interested in consumer healthcare issues, check out
