The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 by the US Congress. HIPAA was designed to provide privacy standards and protect patients’ medical records and other health information provided to insurance companies, doctors, hospitals, and other health care entities.
The law covers three specific areas:
• Privacy of medical records, regardless of media type (paper, digital, etc.)
• Security of protected health information (PHI) in electronic form
• Administrative simplification of electronic data
Thus, information security plays a major role in complying with HIPAA. The goal is to protect personally identifiable information (PII) as it moves through the health care system. Health care organizations, including providers, insurance companies, and clearinghouses, must be HIPAA compliant at all times.
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 extends these requirements even further by addressing third‐party access to PHI, increasing compliance obligations, and strengthening enforcement penalties.
Importance of Adhering to HIPAA Compliance
To help health care organizations comply with HIPAA, various security standards have been created in order to protect patients’ personally identifiable information (PII). These standards include administrative procedures, technical security mechanisms and services, and physical safeguards. Overall HIPAA compliance, and the adherence to critical security standards outlined by the Act, is imperative to the ongoing business operations of all health care organizations. Failure to comply may result in regulatory actions, such as fines, and will also lead to a lack of trust among patients, a poor reputation for your business, and – eventually – lost profits.
C & G can help you achieve and maintain HIPAA compliance
C & G, in collaboration with its partners, provides multiple solutions to help health care organizations comply with HIPAA requirements. We are equipped to focus specifically on the administrative, physical, and technical requirements of HIPAA and HITECH. Our approach is comprised of the following phases:
• Security Assessment designed to identify the existing security gaps in your current environment
• Gap Analysis which measures your existing security measures against the regulations
• Risk Assessment which outlines the weaknesses that are putting your company at risk
• Remediation Report detailing the actions necessary to bring security controls in line with HIPAA standards
• Security policies designed to mitigate the risk of PHI exposure
• Data Loss Prevention that allows you to discover and track where personal information is stored
• Encryption of PHI and other sensitive information, as required by HIPAA
• Network Access Control aimed at safeguarding your perimeter and enhancing endpoint security
• Security awareness training and education for your staff and third parties with access to your clients’ data
Call C & G today to begin your path to compliance and protect your company from the risk of HIPAA-related hassles and fines.