HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 by the US government. It provides rules and regulations for protecting the privacy of patient health information (PHI, Protected Health Information) and the security of electronic records stored or transmitted by a Covered Entity or its Business Associates. This includes PHI in any form: physical copy, electronic or oral. PHI consists of individually identifiable patient information such as name, health records, demographic information, contact information, Social Security Number, etc.

Any company, whether it's a Covered Entity (CE) or a Business Associate (BA), that deals with Protected Health Information (PHI) should have all the security measures (Physical, Network and Processes) in place to ensure compliance with HIPAA guidelines. A Denver-based public health clinic paid $400,000 as a HIPAA breach penalty when a phishing attack led to the data compromise of 3200 patients. This could easily have been avoided with a compliance program that also includes cyber security awareness training for employees.

HIPAA Risk Analysis:

Risk Management is one of the critical steps in getting compliant with HIPAA guidelines. HIPAA requires Covered Entities and Business Associates to “conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI)”.

Crossbow can help you identify the risk scenarios and implement adequate security controls to mitigate risks. Once the controls are implemented, we will do a risk reevaluation to ensure the controls are implemented in the right manner.

HIPAA Compliance Audit and Report:

An attested report from an independent auditor is the best way to demonstrate HIPAA Compliance. Crossbow follows a 5-step approach to get you compliant with HIPAA:

  1. Gap Assessment: Identify gaps with regard to Physical, Network and Processes
  2. Risk Assessment: Assess and document risk scenarios and risk scores, and prepare a risk treatment plan to reduce risks to acceptable levels
  3. Controls Implementation: Crossbow consultants will handhold you in implementing the right set of controls to fix the gaps.
  4. HIPAA Compliance Audit: This is the phase where our HIPAA Consultants validate that all the gaps are fixed and also do a risk re-evaluation to ensure acceptance
  5. HIPAA Compliance Report: On successful completion of the audit, we will issue a comprehensive report which you can share with your customers or business partners to showcase compliance with HIPAA.

Get in touch, let’s evaluate your risks.

