Jan Elezian (jan.elezian@sunhawkconsulting.com) is a Consultant and Director at SunHawk Consulting LLC.
Is performing regular privacy walk-throughs required under HIPAA standards? Technically no, but to prove due diligence, a covered entity “must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information [PHI]” and have a HIPAA orientation for new employees and ongoing training for retained staff.[1] Walk-throughs create a venue for required administrative, physical, and technical safeguards to be assessed and for any vulnerabilities to be identified and mitigated. Watching your staff in action is a great way to make sure your employees are following HIPAA standards and your facilities’ privacy and security policies and procedures. A walk-through compares your privacy and security requirements with actual employee practices.