Ongoing HIPAA Compliance for Companies that Manage and Process Patient Health Information

Sword & Shield’s HIPAA Compliance Program (HCP) provides a cost-effective way for organizations to fulfill HIPAA compliance requirements and to ensure on-going compliance with the HIPAA Security, Privacy, and Breach Notification Rules.

HIPAA Compliance Rules

By enacting the HIPAA law, Congress mandated the establishment of Federal standards to ensure the confidentiality and the privacy of protected health information (PHI). Here is an explanation of each of the HIPAA compliance rules:

HIPAA Security Rule

For HIPAA covered entities and business associates, safeguarding patients’ electronic protected health information (ePHI) is required by law. The HIPAA Security Rule requires that a periodic risk assessment of an organization’s technical and non-technical safeguards be conducted.

HIPAA Privacy Rule

Key to an organization’s compliance is a comprehensive set of policies and procedures as required by the HIPAA Privacy Rule. A covered entity’s workforce members must be thoroughly trained on those policies which provide guidance on how to interact with patients and their sensitive data.

Breaches of PHI

Breaches of patient data have become a well-publicized and disturbing trend. Medical record data is worth 10 to 50 times more on the black market than credit card data. Why? Because credit card information can be easily changed, while medical record information is lifelong.

For this reason, penalties for HIPAA violations have increased dramatically over recent years, with fines ranging from $100 to $50,000 per violation (or per record) and a maximum penalty of $1.5 million per year for each incident.

Even an alleged breach or frivolous complaint can result in an investigation of your organization by the Office for Civil Rights (OCR).

The Department of Health and Human Services maintains the HHS Wall of Shame website that posts all HIPAA data breaches affecting more than 500 individuals per breach. As you can see, a breach can cost an organization not only in penalties and fines, but also damage to your reputation.

Fulfilling HIPAA Compliance Requirements

Technological advancements related to the creation, storage, and transmission of ePHI often out-pace an organization’s ability to ensure the necessary controls are in place to protect a patient’s information. Most organizations do not have the time, resources, or skill set to ensure their compliance with the HIPAA rules.

In addition, a requirement that may be necessary for a hospital or health system may not be reasonable for a physician practice or IT service provider.

Maintaining HIPAA Compliance

The HIPAA Compliance Program is a partnership between Sword & Shield and your organization with the goal of achieving and maintaining HIPAA compliance well beyond the initial HIPAA risk assessment.

Sword & Shield’s HIPAA experts take the stress of compliance off you by helping to make sense of the HIPAA rules and how they apply to your business, as well as how they compare to state laws since you must adhere to the more stringent law.

Sword & Shield helps you to identify your risks and vulnerabilities and develop a remediation plan to increase your HIPAA compliance. Then, we continue to work with you to maintain or improve compliance.

Through this process, Sword & Shield becomes a true security and compliance partner, engaging with you on upcoming changes to the HIPAA laws, OCR guidance, technology trends, and industry best practices.

What Our HIPAA Compliance Program Includes

Our HIPAA consultants get to know your business, then apply their thorough HIPAA compliance knowledge to attest to the posture of your organization using the following steps:

HIPAA Risk Assessment Service

Sword & Shield’s HIPAA risk assessment identifies and documents your areas of risk associated with the creation, storage, transmission, and processing of ePHI in accordance with the HIPAA Privacy, Security, and Breach Notification Rules.

Sword & Shield analyzes the use of administrative, physical, and technical controls to eliminate or manage vulnerabilities that could be exploited by internal or external threats.

HIPAA Gap Analysis Service

Our HIPAA gap analysis compares the HIPAA rule requirements against your organization’s controls to identify and report gaps between your policies, procedures, systems, and applications.

The results of the gap analysis are used to create recommendations to assist with the remediation efforts required to reduce gaps and achieve HIPAA compliance.

HIPAA Roadmap to Security and Compliance

Following delivery of the risk assessment and gap analysis reports, the Sword & Shield team develops a HIPAA Roadmap to Security and Compliance (RSC) to assist you in fulfilling your HIPAA compliance requirements. This HIPAA security and compliance roadmap takes into consideration the controls that need to be addressed to lower risks and address compliance deficiencies. The initial RSC is considered a working document, developed in partnership with you, to build a plan with prioritized HIPAA remediation tasks, task assignments, timelines, and estimated budgets.

HIPAA Compliance Program Trustmark and Documentation

HIPAA Compliance StatusSword & Shield’s HIPAA consultants determine your HCP level as Compliant, Validated or Assessed and issue your HCP Trustmark. This certifies your organization has been independently evaluated by the Sword & Shield healthcare consulting team.

Next, we provide you with a documentation package that includes the following:

  • Trustmark logo
  • Permission for use of the appropriate Trustmark
  • Certificate suitable for framing
  • Congratulatory letter that explains the certification and requirements for branding usage
  • Template attestation language that can be included in a Business Associate Agreement
  • Letter that can be sent to business associates and covered entities that defines the certification

HIPAA Compliance Related Services

As a full-service security and compliance firm, Sword & Shield offers a host of related solutions. In addition to the HCP, clients may opt for these related services:

Managed Security Services

Data Mapping

HIPAA Security Awareness Training

Vulnerability Scanning

Penetration Testing

Sensitive Data Discovery Scanning

Download the Data Sheet

HIPAA Compliance Program

HIPAA Compliance Program

Fast Track Your HIPAA Certification

Request a Free HIPAA Compliance Program Consultation