One HIPAA manual, four major gaps
I was given a HIPAA compliance policy manual and asked to review it, propose revisions, and explain my reasoning. The manual belonged to NAIPTA, the Northern Arizona Intergovernmental Public Transportation Authority and was adopted in April 2017. While it demonstrates a solid foundational commitment to HIPAA compliance, it is now approaching nearly a decade old. It was last updated April 19, 2017. Almost eight years have passed, during which the HHS Office for Civil Rights has issued updated guidance, the 2013 Omnibus Rule has been in full effect, and proposed modifications to the HIPAA Privacy Rule were introduced in 2021. None of that was reflected in this manual. ...