HIPAA Compliance Plans for You

Are you prepared to take the next step forward to make the best HIPAA Compliance Plan for your organization? Are you ready to work with a professional who can guide you through the creation of your HIPAA Compliance Program?

We can help you create a customized HIPAA compliance plan that includes all policies and training for your organization.

When we are engaged to consult on HIPAA we will review and revise your plan to assure compliance with the HIPAA Rule and best practices. Moreover, if you don’t have a compliance plan we will draft a plan with policies and procedures that offers complete coverage of the privacy, security and HITECH requirements.

We can work with you to assure you have a HIPAA Privacy Officer who is knowledgeable about the rules and is able to manage the plan effectively.

State Regulations

In addition, your organization must consider that privacy laws vary from state to state and must be taken into account every time a plan is created or modified. For example, in some states there are certain regulations that are more stringent than the Privacy Rule. An organization must be prepared for these state-to-state variations in the HIPAA rules. This is a good reason to obtain a customized HIPAA compliance plan through HIPAA Associates.

The Purpose of a Plan

Covered entities must create plans that include policies and guidelines that help safeguard the Protected Health Information (PHI) which the organization handles. This includes all forms of PHI, whether written, verbal or electronic. The plan will protect the confidentiality, integrity, and availability of PHI and electronic PHI (e-PHI). An effective plan gives individuals rights over their PHI and outlines the responsibilities of covered entities. To be fully prepared, an entity must also perform a full Security Risk Analysis to assess the health and security of its HIPAA program. By creating your own Customized HIPAA Compliance Plan you will assure that all of the important topics are covered.

Creating a HIPAA Program

An organization is required to comply with the HIPAA Privacy regulations if it stores or transmits protected health information electronically. For an organization to follow the regulations, several steps must take place.

A Covered Entity must:

  1. Implement the appropriate policies and procedures to protect and safeguard PHI.
  2. Provide HIPAA Training for all employees of the organization based on their roles.
  3. Select and train a privacy officer to oversee the HIPAA Privacy program.

HIPAA Associates is prepared to assist you through all of the stages you need to have an effective plan. We have available all of the elements needed to make this happen. Take the opportunity to review our HIPAA Compliance Checklist.

HIPAA Risk Analysis

It is important for all organizations that handle PHI to prepare by performing a Risk Analysis to determine the risks to Protected Health Information (PHI) in their organization. By doing so they can prepare to address any vulnerabilities. The Security Rule provides guidance in this matter and should be consulted by all interested Privacy Officers. In some situations an organization may consider a HIPAA Gap Analysis, which can give an overview of risk within the organization. It does not replace a HIPAA Risk Analysis, which is much more detailed.

What HIPAA Associates Offers:

  1. We offer all of the formal documentation you will need to create a fully functional program. This includes all of the Privacy & Security policies needed to make your program a success.
  2. HIPAA Associates has a complete HIPAA Training program available for your organization that will help you train everyone based on their roles. Our web-based program is easy to use and will allow you to get everyone trained quickly. We will assist in monitoring the success of your training and work closely with your Privacy Officer.
  3. As you create your program it will be essential you choose and train a Privacy Officer. We are prepared to assist in the training of your officer so that they participate in the creation of your plan. This will allow them to better understand the function of your program and be a more effective leader.

A HIPAA compliance plan holds providers and workforce members accountable for protecting PHI. Naturally this occurs through its policies, procedures and guidelines. In addition, the plan also outlines the consequences of a PHI breach or any violation of the policies in the compliance plan. Having a plan in place will help mitigate any breaches of PHI that might occur in the future. Finally, HIPAA compliance plans also ensure that all workforce members, which includes employees, physicians, volunteers and trainees, are properly trained on how to handle PHI in all of its forms.

Training your employees

Have you considered training or retraining your employees on the HIPAA Rules? The best way to prevent breaches is to train your employees. We are here to help you with all matters related to HIPAA. We will bring your organization into compliance as expected by the Office for Civil Rights (OCR), the division of the federal Department of Health and Human Services with authority over the HIPAA Rules.

The organization must implement a training program that trains workforce members on the requirements and policies that apply to them in their individual roles. The training program must train all workforce members upon hire on HIPAA and on the organization's policies and procedures, and on a regular basis thereafter. It is important to recognize that the OCR does not accept the term “Certification,” but rather wants organizations to confirm that all personnel have received appropriate training.

Appoint a Privacy Officer

Privacy and Security Officers must be appointed to oversee the HIPAA program. They are responsible for oversight of the program and for tracking, investigating, resolving and documenting all privacy and security complaints and investigative steps taken. They ensure there is no retaliation against any workforce member or other individual for reporting a PHI breach or filing a HIPAA complaint.

A Privacy Officer must be trained on the HIPAA Privacy Rule. We can assist in preparing your officer to be an effective leader of your program. Our professionals will work with your Privacy Officer as the Plan is created. This will ensure they are familiar with all the Policies and how the Plan works.

Business Associate Agreements

A covered entity must enter into a Business Associate Agreement with each organization or vendor that accesses, uses or discloses PHI on behalf of the organization. This will help ensure the Business Associate uses appropriate safeguards to protect the PHI in the same manner that the covered entity must.

HIPAA Associates Will Help

Our professionals are prepared to assist you with all of these important policies and procedures. HIPAA Associates develops and consults on HIPAA compliance plans that include HIPAA privacy and HIPAA security. This includes all security policies and procedures and breach reporting requirements in compliance with the HIPAA Rules. Of great importance, HIPAA Associates is always available to assist you when questions arise regarding the HIPAA Rule. HIPAA consulting is the main focus of our organization. We would be happy to discuss with you how we can help with your Customized HIPAA Compliance Plan.

Customized HIPAA Compliance Plans

Our customized HIPAA Compliance Plans include HIPAA Privacy Policies, HIPAA Security Policies and HIPAA Training for your organization. We will assist you in implementing the program and will work with your Privacy Officer.

HIPAA Privacy Policies

Our HIPAA Privacy Policies cover all the necessary steps to be compliant with the Privacy Rule & HITECH Regulations.

HIPAA Security Policies

Our Security Policies will help you comply with the requirements of the Security Rule.

HIPAA Training Program

We specialize in fully customized HIPAA training programs created specifically for your organization.

Fully Customized Plans – $500 and up

Contact us today to discuss how we can help create your customized HIPAA compliance plan and training for your organization.

Frequently Asked Questions:

Do we need a HIPAA Compliance Plan?

Any covered entity that handles protected health information (PHI) must be prepared to protect that information. This is done by creating and implementing a HIPAA compliance plan with policies and procedures to safeguard PHI. The plan will outline the steps you will have to take in the event of a breach. This will ensure that all workforce members are properly trained on how to handle PHI in all its forms.

HIPAA Associates is prepared to create the perfect compliance plan for your organization that has all the necessary policies, procedures and training you will need to keep your PHI safe.

How do I handle a breach?

It is important to follow all the steps to report a breach to the OCR. Every breach is different and must be handled on a case-by-case basis. A full breach analysis must be performed to determine whether there was an impermissible use or disclosure that compromises the security of protected health information.

Factors to be assessed are:

1. The nature and extent of the breach including identifiers
2. The unauthorized person to whom the disclosure was made
3. Whether the PHI was acquired or viewed
4. The extent to which the risk to PHI has been mitigated

HIPAA Associates can help your organization through this process to ensure you follow all the important steps.

How to create a Compliance Plan

  • Implement Policies & Standards

    Policies and procedures help establish the rules your organization will need to carry out the requirements of federal health care program guidelines.

  • Designate a Compliance Officer

    The compliance officer will be responsible for operating and monitoring the compliance program.

  • Conduct an effective training program

    All personnel should receive training on fraud & abuse laws as well as the compliance program.

  • Develop effective lines of communication

    Employees must have avenues available for reporting concerns internally. Anonymous reporting must be available.

  • Conduct internal monitoring and auditing

    A good program will have an ongoing process to evaluate and assess the organization for inappropriate behavior.

  • Enforce standards of conduct with guidelines

    An organization must have well-published standards of conduct. The plan should clearly state the implications and penalties of violating the standards.

  • Respond promptly to violations and take corrective action

    An organization must ensure timely and effective remedial action for offenses.