Dramatic changes are taking place to protect Private Health Information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) Security Rule has been in effect since 2003. In 2009, Health and Human Services (HHS) added “business associate” to entities that must comply with the HIPAA Act of 1996. In 2009, the American Recovery and Reinvestment Act (ARRA) was signed into law. Part of this new law, the HITECH Act, included breach notification requirements for all covered entities under HIPAA.
The audit has begun. Sword & Shield has services that can help with your compliance needs.
Meaningful Use Risk Assessment
A Sword & Shield Healthcare Compliance and Security Specialist will perform a risk assessment focusing on your technology, people, environment, and processes across seven security domains: Management and Policy, Access Control, Authentication, Awareness, Content Security, Threat Management, and Encryption. The assessment uses forty-three (43) threat agents that represent internal or external events that may disrupt the organization’s processes and activities.
Currently, as part of the HITECH Act, a provision of the American Recovery and Reinvestment Act of 2009 (ARRA), healthcare providers are given financial incentives to either upgrade their existing Electronic Health Records (EHR) systems or purchase a new EHR system that will deliver a secure set of electronic services. The program started in 2011 and will end in 2015. See our brochure for more information.
HIPAA Audit Gap Analysis
A Sword & Shield HIPAA specialist will perform the following tasks in order to evaluate your HIPAA compliance and work towards remediation of any deficiencies:
- Provide a baseline of your organization’s people, processes, and technology with respect to securing patient data.
- Produce a gap analysis between the baseline and the HIPAA requirements.
- Create a remediation plan, with priorities based on the risk score, which provides the ‘roadmap’ to close the gaps identified and move your organization into compliance with HIPAA.
- Create a central repository of information relative to achieving compliance and which provides support for continuously monitoring the controls required to remain compliant.
- In consultation with your project manager, develop a work management plan that assigns and tracks the action items that must be completed to implement the controls required by HIPAA.
- Provide a separate proposal at the conclusion of the gap analysis for any remediation projects assigned to Sword & Shield.
- Update the repository as action items are completed to provide evidence of compliance during subsequent HIPAA assessments.
Questions Our Reports Answer
- Are you compliant with HIPAA Privacy and Security Rules?
- What are your risks associated with protecting PHI?
- Can a hacker get to your PHI?
- How do you prioritize your resources (budget and time) in closing the gaps to become secure and compliant?
- What do you need to do to maintain security and compliance on a continuous basis?
Meet HIPAA Specialist Michelle Caswell
Michelle Caswell comes to the company after spending three years as a Health Insurance Portability and Accountability Act (HIPAA) privacy investigator for the U.S. Office of Civil Rights (OCR). While there she ensured covered entities were in compliance, conducted complaint investigations and educated covered entities on how to comply with the HIPAA Privacy Rule and new electronic health record (EHR) requirements.
Prior to her experience with the OCR, Caswell, a member of the Georgia State Bar, worked as a law clerk for the Health Law Partnership. There she managed a large caseload under a supervising attorney and worked on cases involving legal issues that included health care law, education law, grandparent visitation, applications for government benefits and programs, and housing and consumer law.
At Sword & Shield, Caswell conducts procedural and operational assessments of information security processes and system controls, with a focus on HIPAA compliance. She also leverages security and compliance knowledge to review organizations’ current security policies, processes, and controls to provide in-depth gap analyses and guidance on best practices in Governance, Risk, and Compliance (GRC) as it relates to HIPAA security and privacy standards.
PCI DSS Compliance
Most healthcare organizations accept credit cards and may be subject to PCI regulations as well as HIPAA. We are a PCI Qualified Security Assessor and PCI assessment is our most popular service. See our PCI Compliance page to learn more about our offerings.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885