HIPAA
HIPAA: What is it?
HIPAA Privacy Rule
The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule.
These individuals and organizations are called “covered entities.” The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing
Our approach
Insight. Creativity. Technology.
Proven methods applied in a consistent manner to help achieve security through compliance
Save Time
We carefully assets your current environment to determine the the level of effort and timeline for your HIPAA compliance journey
Concentrate on Business
We work with you on the best path of implementation to obtain your HIPAA compliance
Enhanced security
We work with you on the best path of implementation to maintain HIPAA compliance
3
Main areas of focus; Technical, Physical, Administrative
71
Individual controls
6-8 months
Avg. time to become HIPAA compliant
$16k
Fine per incident
HIPAA Compliance Process
SCOPE
Here we determine what portions of your business should be included in the HIPAA compliance assessment. This is also where we help you determine where data is located and any additional items that may need to be assessed.
GAP ASSESSMENT
Here we learn about your existing information security posture and determine the gap between your current state and achieving HIPAA compliance.
RISK ASSESSMENT
Here, we determine where your organizations information security risks are greater than your risk appetite and develop a Risk Remediation plan to address them.
READINESS ASSESSMENT
Once we have established we are meeting our HIPAA requirements, an independent review will be conducted to ensure the completeness and accuracy of the project.
Frequently Asked Questions
The HIPAA rules apply to both Covered Entities and their Business Associate
The U.S. Department of Health & Human Services (HHS) Healthcare Providers, Health Plans, and Healthcare Clearinghouses are all Covered Entities. Healthcare Providers are hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies that are considered Healthcare Providers and need to be HIPAA compliant.
A Business Associate is any entity that uses or discloses PHI on behalf of a Covered Entity. Furthermore, a Business Associate is any person who, on behalf of a Covered Entity, performs (or assists in the performance of) a function or activity involving the use or disclosure of PHI.
Simply…A business Associate is a vendor or subcontractor who has access to PHI.
Here are some examples of potential Business Associates:
- Data processing firms or software companies that may be exposed to or use PHI
- Medical equipment service companies handling equipment that holds PHI
- Shredding and/or documentation storage companies
- Consultants hired to conduct audits, perform coding reviews, etc.
- Lawyers
- External auditors or accountants
- Professional translator services
- Answering services
- Accreditation agencies
- e-prescribing services
- Medical transcription services