Your HIPAA Compliance Framework

January 14, 2021

Becoming compliant with state and federal guidelines means assessing your business's risks, having policies and procedures in place, and training your staff on those policies and on federal and state regulations. Review the following items and see where there might be gaps in your compliance program.

Gather Policies and Procedures

  • Privacy and security policies, procedures, and forms
  • Risk Mitigation/Management policies, procedures, and forms
  • Breach notification policy and procedure
  • Password policies and workstation security policies
  • Disaster recovery and breach policies, procedures, and forms

Review Level of Risk and Related Policies

  • Most recent risk analysis
  • List of all hardware and software containing PII or PHI
  • Breach notification and incident management processes
  • List of devices and systems that use encryption, along with the type of encryption
  • List of all users and access to systems with PII or PHI
  • Facility security plan and office layout

Gather Any Other Compliance Documentation

Gather Training Documentation

Compliance is complicated and confusing. We offer consulting and training that gives you a clear plan to reduce your risk so you can know that the future of your business is secure.

VanRein Compliance takes the extra step to ensure the data you work with stays secure. Below are some of the additional options we provide to give you a complete compliance solution.

Data Security Regulations

  • GDPR, California Consumer Privacy Act, and New York SHIELD Act compliance information
  • Up-to-date information on upcoming trends in data regulations
  • Compliance training and documentation for state-level security regulations

Dark Web Monitoring and Cybersecurity Training

  • 24/7 monitoring of domain names and employee account information on the Dark Web
  • Real-time alerts for compromised credentials
  • Email phishing simulations for employees
  • Training on cybersecurity awareness and avoiding common cybercrimes

Business Associate Attestations

  • Assess your business associates and other vendors with access to PII or PHI for security risks and adherence to data security regulations
  • Ensure your vendors are protecting your data and fulfilling their requirements

Customized Training

  • Training tailored to the needs of your business
  • Industry-specific training
  • Compliance quizzes and training logs for your employees