HIPAA Compliance for Payers & Providers

Experts in HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") required the Department of Health and Human Services ("HHS") to develop regulations protecting the privacy and security of health information. HHS published the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule established standards for the protection of health information. The Security Rule established a set of standards for protecting health information held or transferred in electronic form. Within HHS, the Office for Civil Rights ("OCR") has responsibility for enforcing the Privacy and Security Rules.

HIPAA laws and regulations are complex and can be overwhelming for an organization. We have a team of Privacy & Security experts assisting health care organizations and their business associates. We specialize in privacy & security risk assessments utilizing HIPAA and HITECH (Health Information Technology for Economic and Clinical Health Act) regulations and NIST (National Institute of Standards and Technology) standards.

HIPAA Self-Assessment:

  1. Are you aware of all your systems containing PHI and ePHI?
  2. Are all your systems backed up, and are the backups in the cloud or off-premises?
  3. Is there PHI and ePHI managed in off-site locations?
  4. Do you have controls over portable devices such as laptops and flash drives?
  5. How do you dispose of devices (owned or leased) that contain ePHI?
  6. What oversight do you have over your sub-contractors and business associates?
  7. When was the last time you toured your locations reviewing for potential HIPAA violations?
  8. Are your Privacy and Security policies and procedures followed and up to date?
  9. Have you updated your Risk Assessment to include HIPAA and HITECH?
  10. Do you have a Business Continuity Plan?
  11. Are you prepared for an unauthorized disclosure or breach, and do you know what to do when a disclosure occurs?
  12. Do you have a process in place to manage OCR desk and onsite audits?

We offer extensive HIPAA Privacy and Security expertise provided by professionals with deep specialization and experience in:

  • Conducting mock OCR audits aligned with the OCR privacy and security audit protocols
  • Conducting security risk assessments as required by the Security Rule
  • Reviewing the processes around business associate agreements, vendor management and breach management
  • Reviewing and creating privacy and security policies
  • Penetration testing of applications and networks
  • Providing education to staff, vendors, contractors and others on the importance of protecting PHI
  • Reviewing an entity's business associate agreements
  • Supplementing staff by serving as Privacy Officer