10 Red Flags for HIPAA Policy Compliance


Published on

Kelly McLendon, our Managing Director and Chief Privacy Officer, wrote an article for the May issue of the Journal of AHIMA based on his extensive knowledge and experience offering privacy and security policy and form templates.

Here are his 10 Red Flags to watch for:

  1. Policies and procedures are not searchable
  2. Policies and procedures are not well formatted or indexed
  3. Unclear and non-standardized formatting of policy document sections
  4. Policy and procedure documents too long and complex
  5. Approval processes are inefficient
  6. Tracking of who was trained on which policies and procedures is never or infrequently performed
  7. Policy manuals for privacy and security are printed out and have dust on them
  8. Going it alone
  9. Policies are outdated
  10. Policies lack security risk analysis or privacy compliance assessments

Read the entire article for all the details and commentary »

Kelly suggests you review your HIPAA and related privacy and security polices, procedures and forms on a regular basis and to keep records of version changes. It is important to be able to show OCR you have an active program to keep them up-to-date.


Kelly McLendon