"More than IT"          951-732-7401     

HIPAA Compliance Services

What is HIPAA compliance?

HIPAA compliance is not a single event, but an ongoing process. First you must become HIPAA compliant, then you must stay HIPAA compliant. It is required by law, and it is a good business practice.

HIPAA by definition:

HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of health-care information and help the health-care industry control administrative costs.

Basically, HIPAA is a set of regulations or requirements to protect health-care information. These are by no means the maximum standards, but the minimum standards necessary. The penalties imposed are based on the individual's willingness to comply and their attempts at compliance.

The 3 parts of HIPAA Compliance

Administrative Safeguards – policies and procedures designed to clearly show how your business will comply with the law.

Physical Safeguards – controlling physical access to protect against inappropriate access to health-care data.

Technical Safeguards – controlling access to computer systems and enabling covered entities to protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient.

According to HHS, the most common businesses found to be deficient and required to take corrective action in order to be in compliance are (listed by frequency):

  1. Private Practices
  2. Hospitals
  3. Outpatient Facilities
  4. Group plans such as insurance groups
  5. Pharmacies

When do you need to be in compliance?

According to the AMA website –
HIPAA: Health Insurance Portability and Accountability Act
September 23, 2013 was the HIPAA privacy and security deadline

The U.S. Department of Health & Human Services (HHS) recently adopted new rules which make changes to existing privacy, security and breach notification requirements in what is often referred to as the final "HIPAA Omnibus Rule." These new rules stem from changes made under the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is part of the same law that created the Electronic Health Records (EHR) Incentive Program under Medicare and Medicaid.

All covered physician practices must update their HIPAA policies and procedures and otherwise implement the changes required by these regulations no later than the September 23, 2013 compliance date. These new rules mean physicians will need to update their Business Associate Agreements (BAAs) and their Notices of Privacy Practices (NPPs), and they will need to understand the importance of encrypting electronic protected health information.

There are many resources for dealing with HIPAA compliance: on the Internet, through trade associations, and elsewhere. But as you can see from the above information, dealing with HIPAA compliance can be a daunting undertaking. Because of this, we allow our clients to choose their level of participation in the HIPAA compliance process. We can do anything from providing minimal direction and guidance to providing complete analysis, documentation, testing, and, should an audit occur, assistance with the audit. What we find works best is a combination of our help in the more complex matters and the client doing the work at which they are most efficient.

The process of becoming HIPAA compliant

Risk Analysis

This is the time when we examine the practices, processes and procedures as they relate to HIPAA compliance and designate how they must be changed to comply. We formulate a complete plan to bring your practice into HIPAA compliance (lists of processes and procedures, estimates of time and materials).

Documentation / completion of processes and procedures

This phase covers all necessary documentation, including documenting, evaluating, and testing all processes and procedures.

Training

HIPAA requires that all individuals be informed of, and trained on, their responsibilities with regard to HIPAA compliance (this training must be completed annually).

Audit

Although this audit is a self-audit, it should be completed annually and recorded.

What we offer:

  • We analyze your physical, technical and administrative procedures, practices, and policies to identify deficiencies.
  • We will create a network diagram, and identify required security policies and procedures.
  • We will start your HIPAA Compliance Documentation book.
  • We will identify required procedures, HR policies, remedial procedures to become HIPAA compliant.
  • We will provide you a road-map for the completion of your HIPAA compliance.

The Risk Analysis phase requires a deposit and the signed agreement to proceed.

Completion of HIPAA Compliance

This phase is billed at an hourly rate, as each site's deficiencies are unique and cannot be anticipated at the start of the project. The amount of help your business requires is determined by you and your staff. We will assist you in the completion of your HIPAA compliance documentation and remedies as requested.

Training of all employees on HIPAA requirements is mandatory.

Staying In HIPAA Compliance

The requirements to stay in HIPAA compliance are:

  • Quarterly review of system logs, recording anomalies and remedies.
  • Annual penetration testing of the network, both internal and external.
  • Annual Review Training for all employees.

How we can help

Network and Workstation monitoring services are available for an additional monthly fee from Network Solutions and Consulting Services. This service provides automated monitoring and alerting for your network and devices.

HIPAA compliance consultation as requested, including quarterly reviews.

Annual penetration testing.

Annual Review Training.
