
HIPAA Compliance

This template goes through common steps for HIPAA compliance, such as establishing the necessary security roles in your organization, conducting assessments, and training staff.

HIPAA Compliance

This diagram was created on Feb 19, 2021 8:33 PM and was last updated Mar 8, 2021 9:36 AM.

1.
Designate a Compliance, Security & Privacy Officer

Assigned to Sr. Leadership (My Org), Compliance Officer (My Org), Security Officer (My Org) and Privacy Officer (My Org)
2 hrs

You must first designate a Compliance, Security & Privacy Officer for your organization.

- Compliance Officer: responsible for developing compliance and training programs and for managing business associate agreements.
- Security Officer: responsible for compliance with the Administrative, Physical and Technical Safeguards of the Security Policies.
- Privacy Officer: responsible for developing a HIPAA-compliant privacy program, overseeing ongoing employee privacy training, conducting risk assessments and developing HIPAA-compliant procedures where necessary.

Links to 2. Conduct Security Risk Assessment

2.
Conduct Security Risk Assessment

Assigned to Privacy Officer (My Org) and Security Officer (My Org)
1 wk

Following the NIST Guidelines, conduct a Security Risk Assessment on your organization. A risk assessment helps reveal areas where your organization’s protected health information (PHI) could be at risk.

Linked from 1. Designate a Compliance, Security & Privacy Officer
Links to 3. Conduct Privacy Assessment

3.
Conduct Privacy Assessment

Assigned to Privacy Officer (My Org)
1 wk

Conduct a Privacy Assessment on your organization. Identify and mitigate risks, including risks to confidentiality, at every stage of the system life cycle.

Linked from 2. Conduct Security Risk Assessment
Links to 4. Conduct Administrative Assessment

4.
Conduct Administrative Assessment

Assigned to Privacy Officer (My Org) and Compliance Officer (My Org)
1 wk

Conduct an Administrative Assessment and evaluate which policies your organization currently has in place to ensure the security of PHI.

Linked from 3. Conduct Privacy Assessment
Links to 5. Document all deficiencies from assessments

5.
Document all deficiencies from assessments

Assigned to Privacy Officer (My Org)
1 day

Create a document that itemizes all of the deficiencies from the following:

- Security Risk Assessment
- Privacy Assessment
- Administrative Assessment

Linked from 7. Have all deficiencies been identified and documented? and 1 more
Links to 6. List of Deficiencies

6.
List of Deficiencies

Assigned to Privacy Officer (My Org)

This is a document of all the deficiencies from the following:

- Security Risk Assessment
- Privacy Assessment
- Administrative Assessment

Linked from 5. Document all deficiencies from assessments
Links to 7. Have all deficiencies been identified and documented?

7.
Have all deficiencies been identified and documented?

Assigned to Privacy Officer (My Org)

Have you identified all deficiencies discovered during the audits?
Have you documented all deficiencies?

Linked from 6. List of Deficiencies
Links to 8. Create remediation plans to address deficiencies

8.
Create remediation plans to address deficiencies

Assigned to Security Officer (My Org)
1 wk

Using the deficiencies from the audits, create remediation plans to address the deficiencies for the following:

- Security Risk Assessment
- Privacy Assessment
- Administrative Assessment

Linked from 7. Have all deficiencies been identified and documented?
Links to 9. Remediation Plan

9.
Remediation Plan

Assigned to Security Officer (My Org)

Remediation Plan that addresses the deficiencies in the following audits:

- Security Risk Assessment
- Privacy Assessment
- Administrative Assessment

Linked from 8. Create remediation plans to address deficiencies
Links to 10. Develop Policies & Procedures for Privacy, Security & Breaches

10.
Develop Policies & Procedures for Privacy, Security & Breaches

Assigned to Security Officer (My Org)
2 wks

Create Policies and Procedures relevant to the HIPAA Privacy, Security, and Breach Notification Rules.

Linked from 9. Remediation Plan
Links to 11. Policies & Procedures

11.
Policies & Procedures

Assigned to Security Officer (My Org)

Document the Policies & Procedures for HIPAA Privacy, Security and Breach Notification Rules.

Linked from 10. Develop Policies & Procedures for Privacy, Security & Breaches
Links to 12. Communicate the Policies & Procedures

12.
Communicate the Policies & Procedures

Assigned to Security Officer (My Org), Compliance Officer (My Org), Privacy Officer (My Org), All Staff (My Org) and Sr. Leadership (My Org)
1 day

Make your Policies & Procedures clearly available to everyone in your organization. Take time to review the Policies & Procedures with your staff.

Linked from 11. Policies & Procedures and 1 more
Links to 13. Attestation to Policies & Procedures?

13.
Attestation to Policies & Procedures?

Assigned to All Staff (My Org)

Have all staff members read and attested to the Policies and Procedures?

Linked from 12. Communicate the Policies & Procedures
Links to 14. Document Attestation

14.
Document Attestation

Assigned to Security Officer (My Org)
1 day

Document the Attestation to Policies & Procedures from all staff members.

Linked from 13. Attestation to Policies & Procedures?
Links to 15. Attestation to Policies & Procedures

15.
Attestation to Policies & Procedures

Assigned to Security Officer (My Org)

This is the document of every staff member's Attestation to the Policies & Procedures.

Linked from 14. Document Attestation
Links to 16. Develop a Compliance & Training Program

16.
Develop a Compliance & Training Program

Assigned to Compliance Officer (My Org), Security Officer (My Org) and Privacy Officer (My Org)
2 wks

Develop a Compliance & Training program that makes it clear for everyone in your organization what your policies are and how to remain compliant. Training materials should also provide a more comprehensive overview of HIPAA compliance.

Linked from 15. Attestation to Policies & Procedures
Links to 17. Compliance & Training Program

17.
Compliance & Training Program

Assigned to Compliance Officer (My Org)

This is the document for your organization's Compliance & Training Program.

Linked from 16. Develop a Compliance & Training Program
Links to 18. Perform Annual HIPAA Training

18.
Perform Annual HIPAA Training

Assigned to All Staff (My Org), Compliance Officer (My Org), Security Officer (My Org), Sr. Leadership (My Org) and Privacy Officer (My Org)
4 wks

Require all staff members to complete Annual HIPAA Training based on your Compliance & Training program.

Linked from 17. Compliance & Training Program
Links to 19. Training Certificate

19.
Training Certificate

Assigned to All Staff (My Org)

Require certificates for completion of your organization's HIPAA Training.

Linked from 18. Perform Annual HIPAA Training
Links to 20. Establish Business Associate Agreements

20.
Establish Business Associate Agreements

Assigned to Compliance Officer (My Org)
2 wks

The HIPAA Privacy Rule requires all Covered Entities to have a signed Business Associate Agreement (BAA) with any Business Associate (BA) they hire that may come in contact with PHI. Identify every entity with which you have a business association and require a signed BAA.

Linked from 19. Training Certificate
Links to 21. Audit Business Associates and ensure they are HIPAA compliant

21.
Audit Business Associates and ensure they are HIPAA compliant

Assigned to Compliance Officer (My Org)
4 wks

Perform an audit on all of your BAs to ensure that they are HIPAA compliant.

Linked from 20. Establish Business Associate Agreements
Links to 22. Business Associate Agreements

22.
Business Associate Agreements

Assigned to Compliance Officer (My Org)

This is the document for all signed BAAs.

Linked from 21. Audit Business Associates and ensure they are HIPAA compliant
Links to 24. Do you have a process in the event of incidents or breaches?

23.
Develop a process for incidents or breaches

Assigned to Privacy Officer (My Org)
1 wk

Develop a process for investigating minor or meaningful incidents or breaches. This should include the necessary steps for performing an investigation and how to document and report the incident or breach.

Linked from 24. Do you have a process in the event of incidents or breaches?
Links to 25. Process Documentation for Incidents or Breaches

24.
Do you have a process in the event of incidents or breaches?

Assigned to Privacy Officer (My Org)

Do you have the ability to track and manage the investigations of all incidents?
Are you able to demonstrate that you have investigated each incident?
Are you able to provide reporting of minor or meaningful breaches or incidents?
Do your staff members have the ability to anonymously report an incident?

Linked from 22. Business Associate Agreements
Links to 25. Process Documentation for Incidents or Breaches

25.
Process Documentation for Incidents or Breaches

Assigned to Privacy Officer (My Org)

This is the documentation of the process for an incident or breach. This document should describe the necessary steps to perform an investigation and how to document the report.

Linked from 23. Develop a process for incidents or breaches and 1 more
Links to 26. Anonymously report incident

26.
Anonymously report incident

Assigned to All Staff (My Org) and Privacy Officer (My Org)
30 mins

Do your staff members have the ability to anonymously report an incident? This is an example of a staff member anonymously reporting an incident.

Linked from 25. Process Documentation for Incidents or Breaches
Links to 27. Anonymous Incident Report

27.
Anonymous Incident Report

Assigned to Privacy Officer (My Org)

This is the document that represents an anonymous incident report of a minor or meaningful breach or incident.

Linked from 26. Anonymously report incident
Links to 28. Investigate the Incident

28.
Investigate the Incident

Assigned to Privacy Officer (My Org)
1 day

Track and manage the investigation of the incident and document the steps you have taken for the investigation.

Linked from 27. Anonymous Incident Report
Links to 29. Investigation Report of minor or meaningful breach or incident

29.
Investigation Report of minor or meaningful breach or incident

Assigned to Privacy Officer (My Org)

This is the document of your Investigation Report of the breach or incident.

Linked from 28. Investigate the Incident
