The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
Where We Excel
Our management level consultants have experience with hundreds of security and compliance engagements. In addition to our seasoned personnel we offer the following benefits on every project:
- Comprehensive toolkit to accomplish HIPAA Security and Risk Analysis Requirements,
- Establishing an effective risk management approach to protect customer data and present a defensible approach if audited by the OCR,
- Integrating HIPAA into independent attestation reports like SOC 2,
- Competitive pricing and discounts for multi-year contracts,
- Flexible on-site or remote fieldwork by using our secure audit documentation workflow tool (inview), and
- Director-level support and involvement in each phase of the engagement.
- What is the HIPAA Security Rule?
- What are the HIPAA Risk Analysis requirements?
- What happens if I am audited by the OCR?
OCR has investigated and resolved over 25,167 cases by requiring changes in privacy practices and corrective actions by, or providing technical assistance to, HIPAA covered entities and their business associates. Corrective actions obtained by OCR from these entities have resulted in change that is systemic and that affects all the individuals they serve. OCR has successfully enforced the HIPAA Rules by applying corrective measures in all cases where an investigation indicates noncompliance by the covered entity or their business associate, which may include settling with the entity in lieu of imposing a civil money penalty. To date, OCR has settled 52 such cases resulting in a total dollar amount of $72,929,182.00. OCR has investigated complaints against many different types of entities including: national pharmacy chains, major medical centers, group health plans, hospital chains, and small provider offices.
You can read more about the OCR’s audit process here.