Ascension Health HIPAA Web Site
Maintained by Don Stry, Information Services Division
(812) 228-2131; Email: dstry@ascensionhealth.org

---

Section: Getting Started

HIPAA High-level Basic Plan of Attack

(08/28/01)

This is a simple, basic outline of a plan of attack to address HIPAA readiness:

1. Educate yourself and your organization on HIPAA;
2. Perform your assessment;
3. Determine and document the following:
1. where your gaps are
2. what the risks are
3. what the possible solutions are
4. what the impact of the solutions are on patient care and daily operations,
4. Balance the enhanced privacy and security of PHI (protected health information) against the monetary and intangible costs for your organization to provide a level of privacy and security consistent with HIPAA and develop a project plan;
5. Implement what is effective and reasonable in your setting;
6. Monitor your readiness periodically and keep the documentation.

<<Back