In this episode we discuss the importance of documentation for your HIPAA compliance program. You can be doing everything right but without documentation there is now way for you to show anyone else that is the case. If you can't prove it then you aren't doing it as far as OCR is concerned.

Glossary

A managed service provider (MSP) is a third-party contractor that is under contract (usually a monthly fee) to provide on-going technology support to other organizations.

Links

FindHealthcareIT

HIPAAforMSPS.com

KardonCompliance.com

ComplyAssistant.com

Notes

• OCR says "don't just tell me you are compliant, show me you are"
• What do you need to document
  • Policies and Procedures, including archive history
  • Risk Analysis and Risk Assessment
  • Training for workforce (who, what, where, when)
  • Risk Mitigation project plans
  • Issue/Incident details
  • BAAs and BA Due Diligence
  • Activity monitoring reports and logs
  • Audit plans and results
  • Assessment plans and results
  • Inventories of software, hardware, etc
  • Breach response plans and documentation
• Spreadsheets and documents in folders or document management tools
• Compliance Management tools