The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has significantly changed business practices and policies for all Covered Entities (CE).
As with many other regulatory issues, HIPAA is largely a call for a strong control environment, with a focus on the security safeguards needed to protect patient health information. Contrary to prevailing opinion, achieving HIPAA Security compliance does not depend on complex technology solutions and strategies, but rather on simpler people- and process-oriented control environment issues.
Our HIPAA Services are sufficiently structured to ensure that we address the most critical compliance issues, yet flexible enough to address the complex architectures and disparate systems that are typical in the Health Care Community.
- Define an appropriate scope – The scope can minimally include Security Safeguards compliance or extend to optimally include encompassing other regulatory compliance and business-impacting issues. Optionally, Capability Maturity Modeling can be used to provide a means of quantifying the current control environment and documenting future improvements.
- Validate Buy-in – The full commitment of key management (Board, CEO / CFO / CIO) is essential. The “tone at the top” is one of the single most critical elements of a control environment.
- Identify & Document Security Deficiencies – Identify where electronic Patient Healthcare Information resides. Control procedures are reviewed and tested, and deficiencies are identified according to the HIPAA Security Safeguards or a broader Risk Assessment approach, depending upon the client’s needs.
- Gap Analysis and Remediation Plan – Develop a control-deficiency mitigation plan and address Security Safeguard issues via a logical, structured, and efficient approach.
- Monitor – Establish procedures for ongoing monitoring of Security Safeguards.
HIPAA Downloadable Resources
- Third Party Vendor Risk Management
- ISO 27001 Implementation Roadmap
- An Introduction to ISO 27001
- Driven To ISO 27001 – Driven By ISO 27001
- Is ISO 27001 Right for (Y)our Organization?
- ISO 27001 Case Study
- Mapping HIPAA to ISO 27002