HIPAA Compliance

Evidence is mounting that the U.S. Department of Health and Human Services is beginning to crack down on medical practitioners and their Business Associates who are not acting in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its Security Standards (the “Security Rule”). This is potentially bad news for many health care providers, and for the vendors who work with such providers (defined as Business Associates), who have taken a less than rigorous approach toward compliance.

The Security Rule’s primary objectives are to ensure the confidentiality, integrity and availability of protected health information (PHI). In plain English, the law was written to ensure that adequate safeguards are put in place to protect patient information from (i) unauthorized access and disclosure, (ii) improper alterations or deletions, and (iii) being inaccessible when needed. Here are just a few of the items which will be requested as part of an OCR Audit:

Administrative Safeguards

  • Risk Assessment
  • Organizational Chart
  • Information Security Policies, specifically those documenting security management practices and processes, such as: Access Control, Data Protection, Acceptable Use, Workstation Security, Workforce/HR Security (Sanction Procedures)
  • Security Incident Management Plan
  • Business Continuity/Disaster Recovery Plan
  • Data Backup and Recovery Procedure

Physical Safeguards

  • Physical Security Policies and Procedures
  • Data Destruction and Media Reuse Procedures

Technical Safeguards

  • Encryption Policies and Procedures
  • Management’s internal control/internal audit policies and procedures relative to monitoring IT safeguards
  • User authentication policies and procedures

For businesses that haven’t yet given the Security Rule the attention it deserves, it’s not too late, but compliance is rarely a task that can be completed overnight. Precision Business Solutions has developed a comprehensive solution for our clients in health care. Please contact us to schedule a complimentary consultation, to learn more about your organization and how we may be able to help you achieve HIPAA Security Rule compliance.

Kirsch Orthodontics
“We use the most up-to-date technological advances available to our orthodontic office. While we’ve always kept our systems secured and our patient data safe, I wanted to ensure our advances in information security matched those advances we use in the treatment of our patients.”
Dr. Kerry Kirsch

Cardiology Associates of Altoona
“We not only rely on Precision Business Solutions for supporting our IT Infrastructure, but also in helping us to remain compliant with HIPAA’s Security Rule. I would recommend them to anyone working toward HIPAA Security compliance.”
Mary Thayer, Office Manager