How do you comply with HIPAA?

There are several components to HIPAA. The "Administrative Procedures" is the part of the regulations that pertains to business continuity. The majority of the Administrative Procedures are concerned with protecting access to personal health information, or PHI. Your security officer will be responsible for implementing these portions. You, the business continuity planner, will be responsible for the part of the regulations that demands that healthcare information be "available." The following list contains the minimum requirements:

* You must have a data backup plan.
* You must have an emergency response plan.
* You must have a contingency plan.
* You must have a plan testing and revision program.
* You must conduct an "applications and data criticality analysis" (business impact analysis).
* You must be able to recover applications and data in a reasonable amount of time.

No particular recovery technology is required. No set recovery time objective or recovery scope objective is demanded. Your strategy and your plan simply must be reasonable for your organization. Over the next several years, de facto standards will arise.

If you think your organization falls under the HIPAA regulations, meet with your security officer to discuss an action plan. One of the first projects required is a gap analysis: your current security and business continuity policies and practices must be measured against the standards in the regulations. The result will be a HIPAA implementation plan to fill in the gaps and move toward full compliance before the deadline.

All medical billing services, such as Tammy Kelly Billing, must have these in place to comply.