The HIPAA Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164) provides that a covered entity must have in place appropriate administrative, physical, and technical safeguards as well as documented organizational policies and procedures to protect the privacy of protected health information. (See 45 CFR 164.530(c)(1).)

The HIPAA Security Rule (see 45 CFR Part 160 and Subparts A and C of Part 164) provides that a covered entity must ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains or transmits by complying with various administrative, physical, and technical safeguards. (See 45 CFR 164.306(a), (c).)

Your firm, if it is a HIPAA covered entity, must have a specific budget for HIPAA security and a HIPAA breach notification communications plan.

Additionally, if you are a health care provider, you are almost certainly impacted by the ARRA HITECH Act and Meaningful Use of Electronic Health Records, which mirrors HIPAA regulations and expands on them with respect to access control, emergency access, automatic log-off, audit logs, and more. (See 45 CFR 170.302(o) and other provisions.)

Key service offerings help you comply and minimize the risk of HIPAA breaches:

  • HIPAA compliance gap analysis
    • Document collection pre-assessment
    • On-site visit
  • HIPAA Policies & Procedures, safeguards
  • Meaningful Use and HIPAA
  • Business Associate Assurance
    • An independent evaluation that your firm demonstrates good HIPAA Policies and Procedures
    • A Certificate that you can present to clients
    • Annual updates (any time your firm adds mobile devices, new offices, training programs or other changes to your HIPAA Privacy and Security, our team can evaluate the updates for compliance relative to the latest regulations).
    • Reference checking with our firm upon request (your prospects, investors and business partners may call our expert team to assure that they are contracting with a reliable, HIPAA compliant firm).
  • Management Reporting
  • Penetration Testing to identify potential target areas of your enterprise that are at risk of a breach.
