Best Practices for Maintaining Compliance

Maintaining Compliance

Getting to 100% is a milestone — staying there is the real work. HIPAA compliance is not a one-time checkbox; it requires ongoing attention. Here's how to stay on top of it using Accountable.

Annual Requirements

The following requirements will be reset in Accountable every 12 months:

  • Security Risk Assessment — You must complete an SRA annually to document your current compliance posture. Your previous answers can be used as a starting point
  • Policy & Procedure Review — Team members must re-acknowledge your policies each year
  • Data Inventory Review — You must review your Data Inventory every 12 months
  • Team Member Training — Both HIPAA & Security Awareness Trainings must be completed by all team members annually

We suggest reviewing the following requirements every 12 months:

  • Business Associate Agreements — Under HIPAA, BAAs must be reviewed by both parties every 12 months. We suggest re-sending them every 12 months, even if the agreement and/or relationship hasn't changed, as re-signing the agreement creates documentation that both parties reviewed the agreement

Internal Processes That Should Include Compliance

Employee Onboarding

Any new employee, contractor, and/or influencer should be Invited to Accountable within a reasonable amount of time, and assigned their Team Member Requirements.

Employee Offboarding

Any team member that no longer works for/with your organization should be Offboarded.

Client Onboarding Process

After closing a healthcare client, you'll want to Add them as a BA and Send or Upload a BAA.

Client Offboarding Process

In order to keep your Accountable platform clean, when offboarding a healthcare client you can Archive their Third Party Profile.

Vendor Selection & Onboarding Process

When selecting vendors/partners, you will need to consider whether they are, or are willing to become, HIPAA Compliant. This includes any software application that will have access to or store PHI.

When it's time to onboard a new vendor/partner who will handle PHI, you will need to Add them as a BA and Send or Upload a BAA before they access any data.

If you are ever curious about, or suspicious of, a vendor/partner's HIPAA Compliance, you can send them a Risk Questionnaire. Once it is completed, you can evaluate whether their Compliance approach is acceptable. If it is not, you will want to find a different vendor/partner, as their lack of Compliance leaves you at risk.

Vendor/Partner Offboarding Process

In order to keep your Accountable platform clean, when offboarding a vendor/partner you can Archive their Third Party Profile.