HIPAA Compliance Assessment Services
Why are Health Insurance Portability and Accountability Act (HIPAA) Compliance Assessments So Critical?
Compliance with HIPAA and Health Information Technology for Economic and Clinical Health (HITECH) Act is mandatory, and noncompliance can quickly escalate to penalties that can impact your organization. These penalties can come in many forms, including loss of business due to the erosion of trust from patients, employees, vendors and other alliances.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a final rule that implemented a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009. The intent of these provisions is to strengthen the privacy and security protections for health information established under HIPAA.
Consider the following critical questions related to your HIPAA compliance:
- Have you recently reviewed and updated your HIPAA/HITECH policies and procedures?
- Have you performed a recent HIPAA/HITECH security and privacy risk analysis?
- Have all of your risks and vulnerabilities been identified and mitigated?
- Have you included the coverage of electronic Protected Health Information (ePHI) stored on mobile devices such as smart phones, tablet computers and flash drives?
- Will your HIPAA compliance withstand regulatory scrutiny?
- Have you formally documented your annual HIPAA training and monitoring of computer networks that store ePHI?
If you answered “no” to any of these questions, these could be serious areas of concern for your HIPAA compliance. RKL’s approach is customized to each client’s needs. Our team can assist with evaluating a current program or help to implement a new program. RKL consultants assist organizations with the following HIPAA and HITECH Act compliance-related services:
Evaluate HIPAA Program
Have you taken a look at your established program recently? RKL’s consultants can help ensure compliance by evaluating the following:
- Previously performed HIPAA risk assessment
- Current HIPAA policies and procedures
- Roles and responsibilities for program
- Current controls protecting HIPAA data
- Current IT controls protecting electronic HIPAA data
- Effectiveness of the control monitoring process
Implement/Manage HIPAA Program
RKL’s consultants can help you implement a program and manage it moving forward, which takes the burden off your internal team and ensures compliance. Our team is equipped to:
- Perform the HIPAA risk assessment
- Implement HIPAA policies and procedures
- Define and implement program roles and responsibilities for program
- Implement controls to protect HIPAA data
- Implement IT controls to protect electronic HIPAA data
- Help perform control monitoring
Compliance Solutions Designed for Your Organization
Our highly experienced, credentialed team will work with you to customize a compliance plan that fits your organization without having to manage multiple service providers.
- Readiness review. Determines how closely your organization complies with existing regulation. This includes reviewing documentation, interviewing selected managers and producing general observations.
- Compliance assessment. Evaluates and analyzes policies, procedures and documentation. This includes interviewing staff and testing existing processes and controls.
- Risk assessment. Identifies threats to the confidentiality, integrity and availability of protected health information. It also documents controls to mitigate identified threats.
- Policies. Instructs the organization on how to establish specific organization requirements to meet HIPAA mandates.
- Procedures. Guides the organization with tasks to accomplish policy requirements.
- Training. Teaches employees how to implement the policies, procedures and industry best practices to meet HIPAA requirements. Training is customized to the experience levels of attendees.
RKL is uniquely positioned to bring our extensive experience in healthcare industry and IT consulting to your practice to deliver solid advice and practical solutions to your compliance efforts. Our trusted team draws upon their diverse experience in compliance, IT and cyber security to address all aspects of your HIPAA compliance obligations. Members of our team possess certifications in:
- Certified Information Security Systems Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Ethical Hacker (CEH)
- Certified HIPAA Professional (CHP)
Let’s talk about your organization’s HIPAA compliance needs. Contact Stephanie S. Kessler, RAC-CT, Partner in RKL’s Senior Living Consulting Group, at 717.843.3804 or firstname.lastname@example.org.