Where You Should Be

I have been talking to several agencies lately and realize that most of you are not moving forward very fast with your HIPAA security compliance. Many of you have indicated that it will become a priority after the beginning of the year. If you have the resources to complete this project in that time frame, you should be OK. However, you should at least know where you stand and you should know that now.

By this time you should have named a HIPAA Security Compliance Officer. I suggest that that person create a small team consisting of an IT person, HR person, administrative person, and a health care person. This team should be able to resolve any policy and/or procedure issues that may come up during this project. The results the team comes up with should be reviewed by your attorney.

You should also have done your Risk Analysis by now. This will give you a good idea of how much work you have to do to become compliant. Don't forget, the Risk Analysis is a required task in the Security Rule.

The law goes into effect on April 21st. There are many tasks to be completed. Make sure you give yourself time to become compliant. You don't want to find out at the last minute that you still have a bunch of the 50 or so items in the rule to be completed.