HIPAA Regulates

Business Processes

• Employee actions in operations
• Handling health information
• Training
• Business Associate Relations
• Documentation of compliance
  • Access, Use, Disclosure of PHI
  • Policies and Procedures that relate to real actions
          

HIPAA Regulates

Information Technology

• Network security
• Access Controls
• Intrusion Detection
• Disaster Recovery
• Data archiving
• Encryption
• Documentation of compliance

Business Process

Compliance Actions

• Identify organization's HIPAA classification
• Conduct thorough assessment/audit of organization:
  • Where is PHI located
  • Who accesses/uses PHI
  • How is PHI used
• How does organization manage Business associate relationship?
• Handling health information
• Document non-compliance vulnerabilities
• Conduct specific remediation to address any areas of non-compliance
• Document compliance status
• Conduct periodic assessments to ensure that compliance is maintained
• Conduct initial training and updated training as new staff is hired or as regulations change

Information Technology

Compliance Actions

• Conduct a Security assessment that addresses ISO 17799 elements including:
  • Network security
  • Access Controls
  • Intrusion Detection
  • Disaster Recovery
  • Data archiving
  • Encryption
  • Documentation of compliance
• Document all actions taken and identify areas of non-compliance
• Conduct specific remediation of non-compliance
• Document compliance status
• Conduct periodic reviews and assessments to ensure that compliance is maintained
• Conduct initial training and updated training as new staff is hired or as regulations change

HIPAA Solutions, LC

Compliance Resources

for Business Processes

• Nationally recognized and published HIPAA Subject Matter Experts to assist with assessments, audits, remediation or compliance software implementations.
• HIPAA Legal and Technical Expertise
  • RHIO's
  • Healthcare Providers
  • Hospitals
  • Educational Institutions
  • Business
  • Government
• Proven training expertise
• HIPAA ComplyPAK© suite of software tools to automate Privacy rule compliance activity
  • Privacy Module
  • PHI Locator to track access,use and disclosure of PHI in daily operations
  • Documentation of compliance
                   
• Cost effective and reliable resource
• Initial and ongoing training to ensure that staff is aware of regulations and any changes that occur due to legislation or court rulings.

HIPAA Solutions, LC

Compliance Resources

for Information Technology

• Network and Health IT Experts
  • Network security
  • Access Controls
  • Intrusion Detection
  • Disaster Recovery
  • Data archiving
  • Encryption
  • Electronic Medical Records
  • Health Information Exchange
  • Health Information Technology
• HIPAA ComplyPAK© suite of software tools to automate Security rule compliance activity based on national standards.
  • ISO 17799
  • NIST
  • FIPS
• Initial and ongoing training to ensure that staff is aware of regulations and any changes that occur due to legislation or court rulings.

HIPAA Solutions, LC

Compliance Cautions

for Business Processes

• Boiler plate policies and procedures that do not relate to documentation of actual compliance actions will not protect the organization.

• Unfocused compliance actions that do not utilize a comprehensive approach to Privacy and Security rules, as they relate business process and information processing, cannot achieve and maintain compliance.

• HIPAA expertise goes beyond simply knowing some of the rules.  True competence in HIPAA means that there is an in depth understanding of the legal and technical regulations as they impact different types of organizations in healthcare, government or business.    

HIPAA Solutions, LC

Compliance Cautions

for Information Technology

• Technology “Quick Fixes” will not achieve comprehensive compliance - Simply implementing technology without addressing business processes and the Privacy rule will not achieve true compliance. 
• Technology must be implemented in the context of enterprise-wide privacy and security.
• All actions towards compliance must be documented as required by the regulations.
• Utilizing software tools focused on comprehensive compliance, such as the HIPAA ComplyPAk, can reduce the cost and complexity of compliance while ensuring that all actions are related to specific regulations.