HIPAA Remediation in the area of security is about to launch projects to address gaps identified. After gap analysis is complete, it is time to begin prioritizing remediation targets. Start on the “quick hits.” “Quick hits” can be anything that your organization is confident will require little resource and will demonstrate progress toward your goals.
Problems exist in a variety of states and influences. They will not all be of the same priority. Some problems will involve relatively flagrant or obvious violations of HIPAA privacy mandates. These will generally need to be addressed high priorities. Identify resources to work through these issues first.
After identifying resources to address the highest priority and easiest issues, schedule resources to address the longer-term remediation targets, as well as those of lower priority or of lesser risk.
After remediation, verify that the project work is satisfactorily completed, and then determine compliance (possibly use a third party to verify compliance) and communicate compliance status.
For more information about HIPAA Academy’s consulting services, please contact John Schelewitz at +1.480.633.3225 or John.Schelewitz@ecfrist.com.