Practice Safeguards and Notice of Privacy Practices HIPAA

As we begin to give guidance on HIPAA compliance, it is important for you to understand that our information has been researched and pulled from multiple sources, all leading back to the US Department of Health and Human Services website and that website is www.HHS.GOV. It’s an excellent resource for anything HIPAA-related.


Now, HIPAA requires organizations working in healthcare to conduct annual self-audits. These audits are meant to analyze an organization’s privacy and security practices to ensure that they adhere to HIPAA standards.


  • Security Risk Assessment (SRA) – this assessment analyzes an organization’s overall security to determine gaps, which allows remediation plans to be created to close those gaps.
  • Security Standards Audit – this requires organizations to have security policies in place in accordance with HIPAA standards.
  • HITECH Subtitle D Audit – ensures that documentation and procedures are in line with HIPAA breach notification requirements.
  • Asset and Device Audit – this audit requires organizations to create a list of all of the devices that access ePHI. This device list should include who uses the device and what protections are in place.
  • Physical Site Audit – ensures that each of an organization’s physical locations are secure by utilizing alarm systems, cameras, and keypad locks.
  • Privacy Assessment – the Privacy Assessment assesses an organization’s privacy policies, to ensure that PHI use and disclosure guidelines are in line with HIPAA standards. All of this information should be found within your HIPAA manual.