Getting Started with HIPAA Hub
Your first steps to achieving HIPAA compliance
Welcome to HIPAA Hub
HIPAA Hub helps small healthcare practices achieve and maintain HIPAA compliance. This guide will walk you through your first steps.
Step 1: Complete Your Organization Profile
When you first log in, you'll be asked to complete your organization profile. This information is used to customize your policies and documents.
What you'll need:
- Your practice name and address
- NPI number (if you have one)
- Number of employees
- Practice type (medical, dental, mental health, etc.)
Why it matters: This information ensures your policies are personalized to your practice.
Step 2: Complete the Security Risk Analysis
The Security Risk Analysis (SRA) is the foundation of your compliance program. HIPAA Hub will ask you about 150+ questions covering:
- How you store patient information
- Your security measures
- Your technology systems
- Your policies and procedures
Time required: 30-60 minutes
What happens next: Based on your answers, HIPAA Hub will:
- Calculate your risk level (Low, Medium, High)
- Show you your compliance status
- Create a prioritized list of action items
- Identify what documentation you need
Step 3: Generate Your Required Policies
HIPAA requires 9 core policies. HIPAA Hub can generate all of them automatically based on your organization profile and risk assessment.
The 9 required policies:
- HIPAA Security & Privacy Master Policy
- Security Risk Analysis Policy
- Risk Management Plan
- Access Control Policy
- Workforce Training Policy
- Sanction Policy
- Incident Response & Breach Notification Policy
- Business Associate Management Policy
- Audit Logs & Documentation Retention Policy
How to generate:
- Go to the Policies section
- Click "Generate" for each policy
- Review and approve each document
- Download or save as needed
Step 4: Upload Evidence
Evidence proves you're following your policies. For each policy, you can upload:
- Training certificates
- Security configurations
- Incident reports
- Audit logs
- Any other documentation that shows compliance
Why it matters: Auditors want to see proof, not just policies. Connecting evidence to policies shows you're actually compliant.
Step 5: Assign Employee Training
All staff members who handle patient information must complete HIPAA training. HIPAA Hub helps you:
- Assign training to employees
- Track completion status
- Generate certificates
- Set up renewal reminders
Step 6: Review Your Action Items
After completing your risk assessment, HIPAA Hub creates a prioritized list of action items. These are things you need to do to improve your compliance.
Action items are organized by:
- Priority: Critical, High, Medium, Low
- Risk level: What happens if you don't address this
- Timeline: When it should be completed
Step 7: Export Your Audit Package
When you're ready (or when an auditor arrives), you can export a complete audit package with one click. This includes:
- All your policies
- Risk assessment reports
- Training records
- Evidence files
- Organization information
Everything is organized and ready to present to an auditor.
Next Steps
Now that you understand the basics, explore these guides:
- Dashboard Overview - Understand what you're seeing
- Risk Assessment Guide - Complete your SRA
- Policy Generation - Create all required documents
- Evidence Management - Upload and organize proof
Need Help?
If you get stuck at any point:
- Check the specific guide for that feature
- Look at the Action Items section for prioritized tasks
- Review your Dashboard for your current compliance status
Remember: HIPAA compliance is an ongoing process, not a one-time task. HIPAA Hub helps you maintain compliance over time.