Disclaimer: This is an example of a student written essay.
Click here for sample essays written by our professional writers.

This essay may contain factual inaccuracies or out of date material. Please refer to an authoritative source if you require up-to-date information on any health or medical issue.

5 Steps to Achieve HIPAA Security Compliance

Paper Type: Free Essay Subject: Health And Social Care
Wordcount: 1243 words Published: 14th Jul 2021

Reference this

HIPAA privacy and security rules work together for purposes of governing how a health institution handles and manages the information of a patient. The privacy rules of HIPAA cover the methods which a health practitioner can use to disclose the information of a patient (Beaver and Herold, 2004). The security rules of HIPAA provide the standards to use in safeguarding and protecting information of a patient. This is while permitting an appropriate use and access of the information under consideration (Carter, 2009). This leads to the promotion of the use of electronic health care information (e-PHI). This is a major goal of the HIPAA security system. The HIPAA security rules require that there is maintenance of an appropriate and reasonable technical, administrative and physical safeguard. This is with the intention of protecting the e-PHI. It is essential for an institution to (Beaver and Herold, 2004),

  • Ensure the availability, confidentiality, and integrity of any e-PHI system that is created, maintained, and transmitted.
  • Identification and protecting of any anticipated threats to the integrity and security of the e-PHI.
  • Protection against the impermissible use of a patient’s electronic data.
  • Ensuring that the workforce complies with these standards and procedures.

This is a memo that gives an overview of how the hospital organization can achieve HIPAA security compliance. The following are the steps the hospital organization can follow, for purposes of achieving HIPAA compliance.

The first step in working towards HIPAA compliance is to carry out a risk assessment. A risk assessment helps in equipping the hospital organization with accurate information where it stands, in regard to HIPAA security compliance (Carter, 2009). This helps the institution to decide on the levels of risks that are acceptable, and the levels of risks that are not acceptable. Furthermore, risk assessments help in revealing the various steps that the hospital organization can use, in achieving compliance with HIPAA security rules or guidelines (Beaver and Herold, 2004). Most health care organizations normally think that they have carried out a health care assessment, and in reality they have not. This is because a risk assessment must comprise of a study of all devices that store, maintain, generate, and transmit e-PHI. These health care organizations normally overlook devices or tools that are not on the network of the facility (Maiwald and Sieglein, 2002). For instance, the respiratory therapy tools normally generate information of a patient, and they are not connected to the information technology network of a facility (Carter, 2009). This is because they are normally plugged in, during the process of therapy, and taken out when the process is complete. An effective risk assessment program will analyze all these components of a health care organization, and identify all the acceptable and unacceptable risks that the organization faces (Carter, 2009).

Get Help With Your Essay

If you need assistance with writing your essay, our professional essay writing service is here to help!

Essay Writing Service

The second step is collaborating with the stakeholders of the health care institution. Cooperation and collaboration amongst the stakeholders of the health care organization is an important element in ensuring that the organization would build effective and efficient HIPAA security compliance strategies (Beaver and Herold, 2004). Collaboration that occurs amongst the decision makers of the health care institution is essential in ensuring that there is a lasting and successful alteration of the security and privacy policies of the organization (Keller, 2013). This is because people will have an opportunity to contribute ideas and opinions on how best to develop the HIPAA security compliance system (Carter, 2009). The contribution of these stakeholders helps in safeguarding against unrealistic or inadequate policies, especially the policies that would affect the care of a patient (Maiwald and Sieglein, 2002). The stakeholders of the health care institution have experienced different parts of a problem, and their contribution will help in getting a solution to the problem, and on how to improve the security of the system, or health care organization (Carter, 2009).

The third step is crafting a policy aimed at creating a solution that will make the organization to be HIPAA security compliant. These measures have to target the entire organization, and not a specific department (Maiwald and Sieglein, 2002). To achieve success, it is necessary to receive input from various departments of the hospital organization. This would help to develop a policy that serves the needs of the entire organization (Beaver and Herold, 2004). Take for instance, the lab department of the health care organization. The lab department receives very few visitors, when compared to the radiology department. When creating an HIPAA security compliance policy, it is necessary for the organization to write a policy that satisfies all their needs. For example, the organization can create a policy that, every computer screens that contain information of a patient should not be viewed by the public. This policy is applicable in a lab department, which has few visitors, but it is not applicable in a radiology department, which has many visitors (Beaver and Herold, 2004). To serve the needs of these departments, the organization can create a password system that would allow employs and patients to view their information that is stored in the organizations computer database.

The fourth and the fifth steps involves a review of the purchase of capital tools, in the perspective of risk management and creation of the culture of accountability (Carter, 2009). When making decisions regarding capital purchase, it is essential that the organization should consider factors such as the total cost and the purchase price of the equipments (Keller, 2013). It is also important for the organization to consider the standards of security that these equipments come with. It is important to analyze the security features of the products, and judge whether they are compatible with the HIPAA security requirements. Developing a culture of accountability helps in encouraging the members of staff to report any problems that arise out of breaches of the HIPAA security compliance regulations. This will help the organization in improving its systems, and correcting the various mistakes that arise out of a breach of the HIPAA security regulations.

In conclusion, by following these five procedures, the organization will manage to create an effective solution that will help it to achieve HIPAA security compliance. Through these actions, the company would avoid the various laws suits and fines that may emanate from breaching the privacy of its patients, and employees.


Beaver, K., & Herold, R. (2004). The practical guide to HIPAA privacy and security compliance.

Boca Raton: Auerbach Publications.

Carter, P. I. (2009). HIPAA compliance handbook. Austin, Tex.: Aspen Publishers/Wolters

Kluwer Law & Business.

Keller, J. J. (2013). HIPAA Essentials. Neenah: J.J. Keller & Associates, Inc..

Maiwald, E., & Sieglein, W. (2002). Security planning & disaster recovery. New York:



Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have your work published on UKEssays.com then please: