Dramatic changes are taking place to secure Protected Health Information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) Security Rule has been in effect since 2003. In 2009, Health and Human Services (HHS) added “business associate” to entities that must comply with the HIPAA Act of 1996. In 2009, the American Recovery and Reinvestment Act (ARRA) was signed into law. Part of this new law, the HITECH Act, included breach notification requirements for all covered entities under HIPAA.
The audit has begun. Sword & Shield has services that can help with your compliance needs.
Meaningful Use Risk Assessment
A Sword & Shield Healthcare Compliance and Security Specialist will perform a risk assessment focusing on your technology, people, environment, and processes across seven security domains: Management and Policy, Access Control, Authentication, Awareness, Content Security, Threat Management, and Encryption. The assessment uses forty-three (43) threat agents that represent internal or external events that may disrupt the organization’s processes and activities.
Currently, healthcare providers are given financial incentives to either upgrade their existing Electronic Health Records (EHR) systems or purchase a new EHR system that will deliver a secure set of electronic services as part of the HITECH Act, a provision of the American Recovery and Reinvestment Act of 2009 (ARRA). The program started in 2011 and will end in 2015. See our brochure for more information.
HIPAA Audit Gap Analysis
A Sword & Shield HIPAA specialist will perform the following tasks in order to evaluate your HIPAA compliance and work towards remediation of any deficiencies:
- Provide a baseline of your organization’s people, processes, and technology with respect to securing patient data.
- Produce a gap analysis between the baseline and the HIPAA requirements.
- Create a remediation plan, with priorities based on the risk score, which provides the ‘roadmap’ to close the gaps identified and move your organization into compliance with HIPAA.
- Create a central repository of information relevant to achieving compliance, which also supports continuous monitoring of the controls required to remain compliant.
- In consultation with your project manager, a work management plan will assign and track action items that must be completed to implement controls required by HIPAA.
- A separate proposal will be provided at the conclusion of the gap analysis for any remediation projects assigned to Sword & Shield.
- Update the repository as action items are completed to provide evidence of compliance during the subsequent HIPAA assessments.
Questions Our Reports Answer
- Are you compliant with HIPAA Privacy and Security Rules?
- What are your risks associated with protecting PHI?
- Can a hacker get to your PHI?
- How do you prioritize your resources (budget and time) in closing the gaps to become secure and compliant?
- What do you need to do to maintain security and compliance on a continuous basis?
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885