Why are Health Insurance Portability and Accountability Act (HIPAA) Compliance Assessments so critical?
Compliance with HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act is mandatory, and noncompliance can quickly escalate to penalties that affect your organization. These take many forms, including loss of business and the loss of trust of patients, employees, vendors and other partners.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a final rule that implemented a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under HIPAA.
Questions to Ask About HIPAA Compliance
- Have you recently reviewed and updated your HIPAA/HITECH policies and procedures?
- Have you performed a recent HIPAA/HITECH security and privacy risk analysis?
- Have all of your risks and vulnerabilities been identified and mitigated?
- Have you included the coverage of electronic Protected Health Information (ePHI) stored on mobile devices such as smart phones, tablet computers, and flash drives?
- Will your HIPAA compliance withstand regulatory scrutiny?
- Have you formally documented your annual HIPAA training and monitoring of computer networks that store ePHI?
Areas of Concern for HIPAA Compliance
RKL consultants assist organizations with the following HIPAA and HITECH Act compliance-related services. We take two basic approaches, Evaluate and Implement, with several menu items under each.
Approach 1: Evaluate
- HIPAA policies & procedures
- Roles & responsibilities for the program
- Controls protecting HIPAA data
- IT controls protecting electronic HIPAA data
- Effectiveness of the control monitoring process
- Scan network devices to discover HIPAA data (non-recurring)
- Review and evaluate employees to determine receipt of HIPAA training
Approach 2: Implement
- Policies & procedures
- Roles & responsibilities for the program
- Controls to protect HIPAA data
- IT controls to protect electronic HIPAA data
- Help perform control monitoring
- Scan network devices (recurring) as part of the HIPAA program
- Perform HIPAA training for employees
RKL Can Assist with the Following
Readiness review — Determines how closely your organization complies with existing regulation. This includes reviewing documentation, interviewing selected managers and making general observations.
Compliance assessment — Evaluates and analyzes policies, procedures and documentation. This includes interviewing staff and testing existing processes and controls.
Risk assessment — Identifies threats to the confidentiality, integrity and availability of protected health information and documents the controls that mitigate the identified threats.
Policies — Instruct the organization on how to meet HIPAA and organizational mandates.
Procedures — Guide the organization through the tasks needed to meet policy requirements.
Training — Teaches employees how to apply the policies, procedures and industry best practices to meet HIPAA requirements. Training is customized to the attendees' experience levels.
Technical Expertise in Health Care Industry and Cyber Security
We know it is important to choose a partner that is right for you. We understand the issues you may face, and we will work with you to customize a compliance plan that fits your organization.
RKL team members hold the following industry education and certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Ethical Hacker (CEH)
- Certified HIPAA Professional (CHP)
For more information about our HIPAA/HITECH compliance services, click below to get in touch and one of our consultants will follow up shortly.