HIPAA Compliance Requires Continuous Monitoring

With audits, patient complaints, and data breaches on the rise, HIPAA security compliance remains a top concern for TMA members. 

Recently, TMA Practice E-Tips took a deeper look at Step 2 of the Office of the National Coordinator for Health Information Technology's seven-step approach for implementing a security management process in your practice, outlined in its Guide to Privacy and Security of Electronic Health Information.

Let's examine Step 7: Monitor, audit, and update security on an ongoing basis.

The HIPAA Security Rule requires you to monitor the adequacy and effectiveness of your security infrastructure and make needed changes. This includes: 

  • Identifying trigger indicators or signs that electronic protected health information could have been compromised and further investigation is needed.
  • Establishing a schedule for routine audits and guidelines for random audits.

If your security infrastructure is potentially compromised, the HIPAA Security Rule also requires examination of what happened. This can include reviewing audit logs from your electronic health record; monitoring inbound and outbound network traffic; and other audit activities that can identify improper access, disclosure, and/or modifications to patient information.

TMA provides many resources to help practices become HIPAA security compliant, including articles, continuing medical education, a customizable policies and procedures manual, and consulting with a certified HIPAA compliance officer. In addition, TMA offers members discounted access to a new tool that helps simplify HIPAA security compliance.

The Online HIPAA Security Manager is available to physicians at a TMA member rate, with plans starting at $99 per month. This tool offers HIPAA risk analysis, access to HIPAA experts who identify deficiencies and make recommendations, a dashboard for identifying risks to security and compliance, automatic documentation of HIPAA activities, and more. For a complete overview of the tool's capabilities, visit the Online HIPAA Security Manager website.  

Published May 27, 2015

TMA Practice E-Tips main page

Last Updated On

May 30, 2019

Originally Published On

May 27, 2015