Log In

Important HIPAA Information Security Due Dates for Healthcare Organizations

Important HIPAA Information Security Due Dates for Healthcare Organizations

Reza Ghafoorian, MD, JD

Feb 15, 2024

2 min read

Practice Management

There is no shortage of due dates or documentation requirements when it comes to maintaining health care compliance. Maintaining compliance with HIPAA Security rules is complicated. Learn about crucial due dates for HIPAA security compliance and how to manage them effectively.

Learn MoreSchedule a Demo

When it comes to HIPAA information security compliance, you cannot just draft your policy handbook, shelve it, and forget it. HIPAA information security rules require you to keep a host of important due dates and meet specific recordkeeping standards.  

Maintaining compliance with HIPAA Security rules involves conducting periodic security team meetings, analyzing access logs, and adhering to specific timelines and due dates.

HIPAA rules require that security and risk management documents are available to those who need it and specify how long they should be maintained.  The Office of the National Coordinator for Health Information Technology (ONC) has provided a sample Information Security Policy Template organizations can use to become compliant with the Security rules. In Table 1, we have reviewed the Security Risk Assessment and the sample Information Security Policy Template and have compiled some of the important due dates for HIPAA Information Security rules.  There may be other important due dates, depending on your exact security practices and procedures, so we suggest you take a look at these documents yourselves.

TABLE 1

Action Due Date
Security Risk Assessment (SRA) Periodically or as needed
Review and Update Security Documentation and Policies and Procedures Periodically or as needed
Information Security and Risk Management Documents Annually
Staff Security Training and Documentation Upon hire and Periodically
Issue New Passwords Quarterly
Revoke Inactive Logins Semi-Annually
Confidentiality/Security Team (CST) Meeting Quarterly
Entitlement Reviews (employee access/role/software) Annually
Terminate Non-Active Users on Tech Stack Quarterly
System Audit Reports (in checklist format) Annually or when suspected of wrongdoing
Login Access Audits Annually or when suspected of wrongdoing
File Access Audit Annually or when suspected of wrongdoing
Review of Security Incidents Annually or when suspected of wrongdoing
User Account Audits Annually or when suspected of wrongdoing
Network Connectivity Processes Audit Annually
Audit of Antivirus/Virus Patterns for Each Workstation Annually
Confidentiality Training Annually
Encryption Processes Audit Annually
Data Storage Access Audit Quarterly
Disaster Recovery Team meeting Annually
Staff HIPAA Privacy Training Annually
Upgrades/Modifications to Facility Annually
List of Company Devices, Functions and Locations Annually
Revise devices List used by Business Associates Annually
Revise List of Business Associates with Access to ePHI Annually
Check Updates/Patches for All Software Quarterly
Test Disaster Recovery and Emergency Operations Mode Plan Annually
List of Anticipated Emergencies that Can Damage Critical Information Systems Annually
Review and Update HIPAA Information Security Policies and Procedures Annually

There is no shortage of due dates or documentation requirements when it comes to maintaining health care compliance. The list we compiled above only includes due dates related to HIPAA Information Security practice. So, how do you keep track of all these due dates? And where do you store all these compliance documents? If your answer is paper files, spreadsheets or Google calendar, you are working too hard. 

Visit us at Perla to find out how you can implement an easy-to-use due date, email reminder and task management compliance software to help you manage all of your important due dates and significantly reduce your time and costs. Click here to book a demo.

Book a DemoLearn More

Related Posts

Subscribe via Email

Privacy Policy

We're committed to your privacy. Perla uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our privacy policy.

Operational Modernization: Why Automation Should Not Be a Dirty Word for Long Term Care Organizations

Practice Management

Operational Modernization: Why Automation Should Not Be a Dirty Word for Long Term Care Organizations

Explore why automation is vital for long-term care (LTC) organizations despite traditional methods' familiarity. Discover how automation enhances efficiency, compliance, and saves costs. Uncover common objections, cost-benefit analyses, and security considerations. Learn why specialized solutions outshine generic ones and how to navigate the transition effectively

Feb 21, 2024

 - 

8 min read

Managing Criminal Background Check Records During and After Employment in the District of Columbia

Practice Management

Managing Criminal Background Check Records During and After Employment in the District of Columbia

This article navigates the legal complexities of managing employee criminal background check records in long term care organizations within the District of Columbia. It details requirements for licensed and unlicensed personnel, and addresses recordkeeping challenges and liabiilties.

Jan 30, 2024

 - 

5 min read

Take Your Practice to the Next Level

Get started with Perla platform and grow your practice.

Book a Demo
BlogPrivacy PolicyTerms of ServiceContact UsSitemap
Copyright © 2023 Perla. All Rights Reserved.