HIPAA Compliance Assessment
What is HIPAA Compliance?
Protecting the confidentiality, integrity and availability of patient information by healthcare organizations became a legal requirement via the Health Insurance Portability and Accountability Act, (HIPAA), which came into enactment in 1996.
HIPAA Compliance is a US federal law, designed to protect the privacy of individually identifiable patient information, both physically and electronically. It provides continuity and Portability of health benefits to individuals in between jobs and also provides measures to combat fraud and abuse in health insurance and health care delivery (Accountability).
HIPAA Compliance is applicable to 3 Covered Entities (CE). They are:
- Health care providers who transmit information electronically (e.g., physicians, hospitals)
- Health care insurance companies; and
- Health care clearing houses (facilitators for processing of health information for billing purposes)
Detailed Approach of HIPAA Compliance
Achieving, maintaining and demonstrating compliance with HIPAA means companies must implement HIPAA’s administrative, physical and technical safeguards, exercise heightened diligence over vendors where they share PHI and meet the HIPAA breach notification requirements. ajnaa suggests the following to comply with HIPAA:
- Assess your business – Determine if HIPAA applies to your business; conduct a gap analysis against HIPAA requirements; determine cross-compliance overlap; and map processes to determine the scope and reach of HIPAA to business activities, data, systems/applications and vendors.
- Implement HIPAA compliance – Develop or enhance policies to comply with HIPAA; build a successful vendor management program; implement individual rights mechanisms; and develop a privacy impact assessment.
- Maintain compliance – Perform a thorough annual risk assessment and maintain ongoing compliance activities (i.e., policy updates, employee training, vendor assessments, etc.).
Reports and Recommendations
Once our assessment is complete you will receive a HIPAA Compliance Report, which contains:
- HIPAA Regulatory Compliance Dashboard - a graphical snapshot of your compliance overall, and compliance per category.
- HIPAA Regulatory Compliance Matrix – documenting the compliance status for each standard and implementation specification.
- Synopsis of HIPAA Regulatory Compliance Issues and Remediation Recommendations, organized by security rule category. This synopsis describes compliance findings and presents remediation recommendations.
- Synopsis of HIPAA Regulatory Compliance Enhancement Recommendations - presents recommendations for further enhancing protections in areas that have been found to be compliant, but not optimal.
- Standards and Implementation Specification Detail - organized by security rule category. This section includes specification descriptions, assessment findings, compliance status, compliance and/or enhancement recommendations, and supporting document and evidence.