A review at what was included in 2022 HIPAA compliance checklist?

Practices must follow HIPAA to protect sensitive patient data.

Practices must know HIPAA privacy rules. HIPAA privacy rules require technical and non-technical protections.

1. Understand HIPAA Privacy and Security Rules 2022

HHS focuses on investigating small breaches, emphasizing PHI protection in psychology & mental health.

2. Determine if the Privacy Rule affects you

HIPAA defines these individuals and organizations as covered entities:

  • Health care providers
  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing homes
  • Pharmacies
  • Health Plan
  • Health insurance companies
  • HMOs
  • Company health plans
  • Government-provided health care plans
  • Healthcare clearinghouses

These entities process healthcare data from anotherentity into a standard form.

3. Protect the right types of patient data

HIPAA defines PHI as identifiable health information. This can be in any form of media, from paper and electronic to verbal communications.

This includes various patient data types:

Names and birthdates

Social Security Numbers

Medical record numbers

Photographs and digital images

Patient data includes birth, death, treatment, illness, and care dates.

Contact information such as telephone numbers, physical addresses, and email.

Fingerprints and voice recordings

Any other form of unique identification or account number

4. Prevent potential HIPAA violations

The most common type of violation is internal and not the result of any outsider hack or data breach. Typically, violations stem from negligence or only partial compliance with the Privacy Rule.

Unlocked workstations and misplaced files are common HIPAA violations. Improperly configuring software like Office 365 can lead to unintentional HIPAA violations. However, something like a lost or stolen laptop with PHI isn’t necessarily a violation in and of itself. Compliant encryption of PHI protects from fines or penalties.

Here are some of the basic steps you can take to prevent HIPAA violations:

Understand data breaches

A data breach doesn’t necessarily have to be an external hack. HIPAA defines a data breach as unauthorized access to PHI. Preventing data breaches requires strong cybersecurity, internal security, and training.

Recognize common violations

HIPAA violations: theft, hacking, malware, break-ins, improper sharing, public discussions, social media. Knowing these common violations will help you prevent them from occurring.

Anticipate a minor breach

A minor HIPAA breach affects under 500 people. The HIPAA requires actions for minor breaches. Have processes in place in case what HIPAA defines as a minor breach takes place.

Prep for a meaningful breach

A meaningful breach affects over 500 people within a given jurisdiction. Minor HIPAA breaches must be reported to HHS OCR within 60 days. You should also be ready to notify affected parties and law enforcement immediately.

5. Stay updated on HIPAA changes

Some highlights of the 2022 HIPAA update include potential changes to:

  • Patient acknowledgment of notice of privacy practices
  • The minimum necessary standard for PHI protection
  • Allowable disclosures related to care coordination and case management
  • Disclosures of PHI for health emergencies
  • Citizens’ rights to access their protected health information (PHI)
  • Fees that organizations may charge individuals to access PHI

Monitor 2022 HIPAA updates to maintain compliance.

6. Know how COVID affects HIPAA

PHI is now handled in more locations and on personal devices. To account for this, the HHS CSC decided to suspend HIPAA-related fines and penalties for a time.

However, extra PHI precautions are needed for work-from-home and telehealth. Define and control device ownership clearly for PHI handling.

HHS released guidelines for treating vaccination status as PHI. The HHS guidelines specify how patient vaccination PHI can be disclosed. Review HHS vaccination PHI guidelines, update compliance processes, & train staff on proper disclosure.

7. Document everything

One of the best things you can do is to document as much as possible related to your HIPAA compliance efforts. Use custom HIPAA software to track security, sharing, & breaches.

8. Report data breaches

One of the best things you can do is to document as much as possible related to your HIPAA compliance efforts. Use custom HIPAA software to track security, sharing, & breaches.


AltuMED PracticeFit is one of the Industry Leading, HIPAA compliant Medical Billing Software. PracticeFit is the intuitive advocate that your company needs to compete in this cut throat Medical Billing industry. Sign up today and claim your free subscription.

Subscribe to Our Newsletter!


Subscribe to Our Newsletter!

Enter Your Email Address. We Promise We Won't Spam You

Relevant Articles

Follow Us

Subscribe to newsletter

Enter your email to receive our newsletter, so you can stay in the loop with our latest promos.

Subscribe to Our Newsletter!

Enter your email address to

receive "Go Practice" as an email newsletter.