HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by Congress to improve health care in the United States by mandating standards-based security controls for the creation, storage, or transmission of electronic patient health information.
The Health Information Technology for Economic and Clinical Health Act (HITECH), enacted by Congress as part of the American Recovery and Reinvestment Act of 2009, calls for the meaningful use of electronic healthcare records (EHR) and for the protection and privacy of these records, increasing the original scope set out by HIPAA. This act increases the potential legal liability and penalties for both the organization and business associates due to willful neglect.
With any HIPAA compliance program, the first mandatory step is the risk assessment. The risk assessment goes over every aspect of the HIPAA Security/Privacy Rule and addresses each implementation specification.
Our goal is not only to ensure the organization is appropriately securing PHI but also to ensure the “i’s” are dotted and “t’s” are crossed in terms of a Federal spot audit.
We use our team’s in-depth knowledge of the regulation, frameworks, and methodologies to help you comply with existing guidelines and identify where any security gaps may exist. Our consultants have extensive experience in evaluating organizational processes to help ensure they are compliant with sufficient controls in place. We deliver data security and privacy solutions to a variety of organizations. Some of our healthcare compliance consulting services include:
- Readiness review: We help you determine how ready your organization is to comply with existing regulations, including reviewing documentation, interviewing selected managers and making general observations
- Compliance assessment: We initiate an evaluation that includes an in-depth review and analysis of policies, procedures and documentation, interviews with staff, and testing existing processes and controls
- Risk assessment: We perform an accurate, thorough assessment of compliance with HIPAA/HITECH regulations by comparing potential risks and vulnerabilities to the confidentiality, integrity, and availability of protected health information
- Policies and procedures update: We assist you in adding to or upgrading your HIPAA/HITECH policies and procedures based on findings from our readiness review or compliance assessment. Our experienced consultants can also assist in developing and implementing these policies and procedures
- Self-assessment training: We utilize industry best practices to train your personnel on how to conduct a HIPAA/HITECH compliance self-assessment. Training can be customized to attendees’ experience levels.