Annual HIPAA Review for Cybersecurity

By Compliance Dashboard

on February 14, 2024

Share:

The best defense is a good defense! You hear about cybersecurity all the time, and shoring up your defenses and reviewing HIPAA materials on an annual basis is key.

Here is a list of materials to review annually and a brief explanation of each:

Privacy and Security Policies

- All self-insured plans must have a written Privacy Policy detailing your organization’s PHI- related rules and procedures.
- A Security Policy is required to document how your organization will protect ePHI through its policies and procedures.

Risk Analysis

- - This is a comprehensive assessment of all business processes where ePHI may be created, received, maintained, or transmitted.
  - Regularly evaluating security needs is crucial in maintaining HIPAA compliance and cybersecurity.

Plan Amendments

- HIPAA amendment language must be current! Review and edit when there are regulatory changes, or when you’ve made changes to your Plans or benefits.

Business Associate Agreements

- - These should be stored securely and reviewed annually to accurately reflect the business relationship for each Business Associate.

Notice of Privacy Practices

- This should be regularly reviewed to ensure that it reflects your current policies, and distributed regularly and available to everyone.

Your Workforce Training

- Train staff with access to PHI annually, as a response to newly identified cybersecurity threats, or when the business adds, removes, or changes physical or technical infrastructure.

Pro tips!

Create reminders for assessment, review, and amendments of HIPAA-required documents to help simplify the maintenance process.
Rely on your team! Include staff responsible for creating and amending documents in regular reviews.
Be proactive! Once you’ve followed the step-by-step tasks within HIPAA10, you’re set up to simply review and amend your HIPAA documents.

Check out this HIPAA Annual Review Checklist for a printable resource!

More From the Blog

View all

The HIPAA Reproductive Health Privacy Rule: What Brokers and HR Need to Know Now

It’s official — the HIPAA Reproductive Health Privacy Rule is gone. After the Purl v. Department of Health and Human Services decision, HHS did not appeal, meaning the rule’s privacy protections for reproductive health care…

Autumn Essentials: Compliance Notices & Better Benefits Communication

Learn the timing, requirements, and red flags for Summary Annual Reports and Medicare Part D Notices, plus how to communicate them clearly. Then, shift gears to presentation skills: from structuring enrollment meetings to keep employees engaged, to using transparency and behavioral psychology to build trust and guide better decisions.

From Chaos to Clarity: Your Open Enrollment Game Plan

Every year, open enrollment brings new rules, new deadlines, and new headaches—but this year, you can be ahead of the game. This isn’t another boring compliance lecture. We’re breaking down plan document mysteries and open enrollment chaos into actionable steps you can actually implement without needing a law degree.

Products

Products by Name

Solutions by Role

Solutions by Need

Solutions by Industry

About

Resources

Terms of Use Privacy Policy

2025 State of Workplace Empathy Report

Schedule a 20-minute demo