1. Find, track, and account for all patient protected health information (PHI) – This is especially important if you carry PHI on iPhones, computers, and medical equipment.
2. Conduct a self-audit every year – Nearly all physician practices "think" they are in full HIPAA compliance, when in fact very few are.
3. Make sure employees are trained on HIPAA – And make sure this training is documented.
4. Make sure all relevant Business Associate Agreements have been executed – Also make sure your business associates are taking the necessary steps to protect your patients' PHI.
5. Develop, implement, and follow HIPAA policies and procedures within your medical practice – A review of compliance with these policies should be a part of your annual self-audit.