◾ Review policies and procedures to ensure they are up to date and comprehensive.
◾ Review your files and documentation to ensure that appropriate patient information safeguards exist.
◾ Assess your organization's general management style to determine its effectiveness, specifically with respect to safeguarding information.
◾ With respect to the Security Rule, review your risk analysis process, risk management plan, incident response plan, emergency backup plan (if any), and breach response plan.
◾ Conduct regular internal audits. Self-evaluation should be standard practice.
◾ Build and maintain a culture of compliance within your organization. This includes a regular review of policies and procedures to ensure full compliance with HIPAA.
◾ Provide regular training sessions for staff members.
◾ Create an action plan for prompt response to incidents.