The U.S. Department of Health and Human Services provides several tools to help employers and covered entities comply with HIPAA. These tools should be reviewed and incorporated into a HIPAA compliance plan.
- Security Risk Assessment Tool. The HHS Security Risk Assessment Tool helps small businesses and business associates perform a risk assessment to determine potential HIPAA vulnerabilities. The tool may be accessed by clicking here.
- Guidance on Risk Analysis Requirement. The Office of Civil Right’s Guidance on Risk Analysis Requirements under the HIPAA Security rule helps entities evaluate if they have a compliant risk analysis and risk management process. The guidance may be accessed by clicking here.
- Model Notice of Privacy Practices. HHS provides a Notice of Privacy Practices model for entities to use to fulfill their notice requirements. The model may be accessed by clicking here.