The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 by the US government. It provides rules and regulations for protecting the privacy of patient health information (PHI, Protected Health Information) and the security of electronic records stored or transmitted by a Covered Entity or its Business Associates. This includes PHI in any form: physical copy, electronic or oral. PHI consists of individually identifiable patient information such as name, health records, demographic information, contact information, Social Security Number, etc.
Any company that deals with Protected Health Information (PHI), whether it is a Covered Entity (CE) or a Business Associate (BA), should have security measures in place across Physical, Network and Processes to ensure compliance with HIPAA guidelines. A Denver-based public health clinic paid $400,000 as a HIPAA breach penalty when a phishing attack led to the data compromise of 3200 patients. This could easily have been avoided with a compliance program that also includes cyber security awareness training for employees.
HIPAA Risk Analysis:
Risk Management is one of the critical steps in becoming compliant with HIPAA guidelines. HIPAA requires Covered Entities and Business Associates to “conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI)”.
Crossbow can help you identify the risk scenarios and implement adequate security controls to mitigate risks. Once the controls are implemented, we will do a risk re-evaluation to ensure the controls are implemented in the right manner.
HIPAA Compliance Audit and Report:
An attested report from an independent auditor is the best way to demonstrate HIPAA Compliance. Crossbow follows a 5-step approach to get you compliant with HIPAA:
- Gap Assessment: Identify gaps with regard to Physical, Network and Processes
- Risk Assessment: Assess and document risk scenarios and risk scores, and prepare a risk treatment plan to reduce risks to acceptable levels
- Controls Implementation: Crossbow consultants will handhold you in implementing the right set of controls to fix the gaps.
- HIPAA Compliance Audit: This is the phase where our HIPAA Consultants validate that all the gaps are fixed and also do a risk re-evaluation to ensure acceptance
- HIPAA Compliance Report: On successful completion of the audit, we will issue a comprehensive report which you can share with your customers or business partners to showcase compliance with HIPAA.
Get in touch, let’s evaluate your risks.