1. Identify all systems and data that handle Protected Health Information (PHI)
2. Evaluate existing security controls and practices
3. Identify gaps in compliance
4. Create a risk management plan
5. Implement security controls and practices to address identified gaps
6. Train employees on HIPAA/HITRUST requirements and company policies
7. Conduct regular system and security audits
8. Establish a procedure for responding to security incidents
9. Maintain documentation of all compliance efforts
10. Approval: Audit Results Review
11. Validate HITRUST compliance with an independent assessment
12. Remediate any issues found in the independent assessment
13. Approval: Remediation Plan
14. Submit documentation and assessment results to HITRUST
15. Rescan and reassess compliance annually
16. Approval: Annual Compliance Review
17. Act upon feedback and recommendations from HITRUST
Identify all systems and data that handle Protected Health Information (PHI)
This task involves identifying all systems and data within the organization that handle Protected Health Information (PHI). The goal is to have a comprehensive understanding of where PHI is stored, transmitted, and accessed. By completing this task, we can ensure that appropriate security measures are in place to protect PHI and comply with HITRUST requirements. Are you aware of all the systems and data that handle PHI within your organization?
Evaluate existing security controls and practices
This task involves evaluating the existing security controls and practices in place within the organization. The purpose is to assess the effectiveness of the current controls and identify any areas that require improvement to meet HITRUST compliance. By completing this task, we can ensure that our security controls are aligned with best practices and provide adequate protection for PHI. What security controls and practices are currently implemented within your organization?
Identify gaps in compliance
In this task, we will identify any gaps in compliance with HITRUST requirements. By reviewing the evaluation results from the previous task, we can identify areas where our organization falls short of meeting the necessary security standards. The goal is to understand the specific areas that need improvement and develop targeted strategies to address them. Have you identified any gaps in compliance with HITRUST requirements?
Create a risk management plan
This task involves creating a risk management plan to address the identified gaps in compliance. The risk management plan will outline specific actions, responsibilities, and timelines for mitigating the identified risks. By completing this task, we can ensure that we have a structured approach to managing risks and achieving HITRUST compliance. What actions and strategies will be included in the risk management plan?
Implement security controls and practices to address identified gaps
In this task, we will implement the necessary security controls and practices to address the identified gaps in compliance. By putting in place the recommended measures, we can strengthen our security posture and ensure that PHI is adequately protected. Are you ready to implement the security controls and practices needed to address the identified gaps?
Train employees on HIPAA/HITRUST requirements and company policies
This task involves providing training to employees on HIPAA/HITRUST requirements and company policies. The goal is to ensure that all employees are aware of their responsibilities in handling PHI and are knowledgeable about the necessary security measures. By completing this task, we can reduce the risk of human error and ensure a culture of compliance within the organization. What training methods and resources will be used to educate employees?
1. Online training
2. In-person training
3. Webinars
4. Training videos
5. Written materials

1. Training manuals
2. Interactive quizzes
3. Training presentations
4. Case studies
5. Role-playing exercises
Conduct regular system and security audits
This task involves conducting regular system and security audits to assess the effectiveness of the implemented security controls and practices. By regularly auditing these systems and practices, we can identify any potential vulnerabilities or non-compliance issues and take prompt action to address them. How often will system and security audits be conducted?
1. Quarterly
2. Bi-annually
3. Annually
4. Every 2 years
5. As needed
Establish a procedure for responding to security incidents
This task requires establishing a procedure for responding to security incidents involving PHI. The procedure should outline the steps to be taken in the event of a security breach or incident, including incident notification, containment, investigation, and recovery. By having a well-defined procedure in place, we can minimize the impact of security incidents and ensure a swift and effective response. Have you established a procedure for responding to security incidents?
1. Yes
2. No
Maintain documentation of all compliance efforts
This task involves maintaining documentation of all compliance efforts related to HITRUST requirements. By keeping thorough and up-to-date documentation, we can demonstrate our commitment to compliance and provide evidence of our efforts to protect PHI. What documentation will be maintained?
1. Risk management plan
2. Employee training records
3. Incident response documentation
4. Audit findings and reports
5. Compliance assessment results
Approval: Audit Results Review
Will be submitted for approval:
Conduct regular system and security audits
Validate HITRUST compliance with an independent assessment
This task requires validating HITRUST compliance with an independent assessment. The assessment will evaluate the organization's adherence to HITRUST requirements and determine if any non-compliance issues exist. By completing this task, we can obtain an objective assessment of our compliance status and identify areas that may require remediation. Have you scheduled an independent assessment for HITRUST compliance validation?
1. Next quarter
2. Next year
3. Within the next 6 months
4. As soon as possible
5. No assessment scheduled
Remediate any issues found in the independent assessment
This task involves remedying any issues or non-compliance findings identified in the independent assessment. By addressing these issues promptly and effectively, we can ensure that the organization achieves full compliance with HITRUST requirements. What action will be taken to remediate the identified issues?
Approval: Remediation Plan
Will be submitted for approval:
Validate HITRUST compliance with an independent assessment
Remediate any issues found in the independent assessment
Submit documentation and assessment results to HITRUST
This task requires submitting the documentation and assessment results to HITRUST for review and approval. By submitting these materials, we seek HITRUST's validation of our compliance efforts and confirmation of our adherence to their requirements. What documentation and assessment results will be submitted to HITRUST?
Rescan and reassess compliance annually
This task involves rescanning and reassessing compliance annually to ensure continuous adherence to HITRUST requirements. By conducting regular reassessments, we can identify any changes or new risks that may impact compliance and take appropriate measures to address them. When will the annual rescan and reassessment be conducted?
Approval: Annual Compliance Review
Will be submitted for approval:
Rescan and reassess compliance annually
Act upon feedback and recommendations from HITRUST
This task requires acting upon feedback and recommendations received from HITRUST after the review of documentation and assessment results. By addressing these recommendations and implementing any necessary changes, we can continuously improve our compliance efforts and strengthen our security controls. How will feedback and recommendations from HITRUST be addressed?