June 15, 2017

HIPAA Compliance | Security and Privacy Rule

Overview


The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

Where We Excel


Our management-level consultants have experience with hundreds of security and compliance engagements. In addition to our seasoned personnel, we offer the following benefits on every project:

  • Comprehensive toolkit to accomplish HIPAA Security and Risk Analysis Requirements,
  • Establishing an effective risk management approach to protect customer data and present a defensible approach if audited by the OCR,
  • Integrating HIPAA into independent attestation reports like SOC 2,
  • Competitive pricing and discounts for multi-year contracts,
  • Flexible on-site or remote fieldwork by using our secure audit documentation workflow tool (inview), and
  • Director-level support and involvement in each phase of the engagement.

FAQs


  • What is the HIPAA Security Rule?

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. You can find more information on the HIPAA Security Rule on the HHS website.

  • What are the HIPAA Risk Analysis requirements?

The NIST HIPAA Security Toolkit Application, developed by the National Institute of Standards and Technology (NIST), is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment. Target users include, but are not limited to, HIPAA covered entities, business associates, and other organizations such as those providing HIPAA Security Rule implementation, assessment, and compliance services. You can find more information on the HIPAA risk analysis on the HHS website.

  • What happens if I am audited by the OCR?

Since the compliance date of the Privacy Rule in April 2003, OCR has received over 156,874 HIPAA complaints and has initiated over 815 compliance reviews. OCR has resolved ninety-eight percent of these cases (154,777).

OCR has investigated and resolved over 25,167 cases by requiring changes in privacy practices and corrective actions by, or providing technical assistance to, HIPAA covered entities and their business associates. Corrective actions obtained by OCR from these entities have resulted in change that is systemic and that affects all the individuals they serve. OCR has successfully enforced the HIPAA Rules by applying corrective measures in all cases where an investigation indicates noncompliance by the covered entity or their business associate, which may include settling with the entity in lieu of imposing a civil money penalty. To date, OCR has settled 52 such cases resulting in a total dollar amount of $72,929,182.00. OCR has investigated complaints against many different types of entities including: national pharmacy chains, major medical centers, group health plans, hospital chains, and small provider offices.

You can read more about the OCR’s audit process here.