HIPAA Privacy and Security and the HITECH Act Compliance Audits and Consulting
The HIPAA Privacy, Security and the HITECH Act are the pillars of the privacy Standards in the healthcare industry for Protected Health Information (PHI). HIPAA and the HITECH Act apply to HIPAA Covered Entities.
The HIPAA Privacy Rule covers:
- Health plans
- Health care clearinghouses
- Health care providers who conduct certain financial and administrative transactions electronically. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers.
The HIPAA Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164) provides that a covered entity must have in place appropriate administrative, physical, and technical safeguards as well as documented organizational policies and procedures to protect the privacy of protected health information. (See 45 CFR 164.530(c)(1).)
The HIPAA Security Rule (see 45 CFR Part 160 and Subparts A and C of Part 164) provides that a HIPAA covered entity must ensure confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains or transmits by complying with various administrative, physical, and technical safeguards. (See 45 CFR 164.306(a), (c).)
Your firm, if it is a HIPAA covered entity, must have a specific budget for HIPAA security and a HIPAA breach notification communications plan.
Additionally, if you are a health care provider that attested for Meaningful Use of Electronic Health Records, you are subject to the ARRA HITECH Act and Meaningful Use of Electronic Health Records, which mirrors HIPAA regulations and expands on them. See 45 CFR 170.302 (o) and other provisions.
Key service offerings help you comply and minimize the risk of HIPAA breaches:
HIPAA Privacy and Security and the HITECH Act provide for Standards, and there are generally accepted methods for determining compliance of a HIPAA Covered Entity.
- HIPAA compliance gap analysis
- Document collection pre-assessment
- On-site visit
- HIPAA Policies & Procedures, Safeguards
- ARRA HITECH Act of 2009, Meaningful Use of Electronic Health Records, and HIPAA
- Business Associate Assurance, which provides:
- An independent evaluation that your firm demonstrates good HIPAA Policies and Procedures
- A Certificate that you can present to clients
- Annual updates of policies and procedures (any your firm adds mobile devices, new offices, training programs, or other changes to your HIPAA Privacy and Security, our team can evaluate the updates for compliance relative to the latest regulations).
- Reference checking with our firm upon request (your prospects, investors, and business partners may call our expert team to assure that they are contracting with a reliable, HIPAA compliant firm).
- Management Reporting
- Penetration Testing to identify potential target areas of your enterprise that are at risk of a breach.