The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that established national standards to protect sensitive Patient Health Information. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy & Security Rule to ensure organizations comply with HIPAA requirements. Companies that process, store, use, and transmit Patient Health information (PHI) must be HIPAA Compliant.
We sit with your team to understand your business processes and environment, and consolidate the scope accordingly.
Understand your business operations, controls, and systems to define the scope and the Trust Services Criteria that apply to your organization.
Assess your organization vis-à-vis the HIPAA standard requirements to identify areas that need to be addressed.
Conduct a brief Awareness Training program on HIPAA Compliance for your organization.
Identify your critical information assets and classify them accordingly to create a separate asset inventory.
Conduct a comprehensive Risk Assessment to identify weak areas and loopholes that could impact the business-critical assets of your organization.
Our experts rank the identified risks and help you strategize appropriate Risk Treatment measures accordingly.
Our team assesses your application for conformance to HIPAA requirements such as Data Portability, User Consent, Effective UI design, etc.
We will help you build and roll out an effective training program for your organization, pertaining to HIPAA Compliance.
Our team will assess and confirm whether or not all the security and privacy policies are in place, as required for HIPAA Compliance.
We will help you build and roll out effective policies and procedures for your organization, pertaining to HIPAA Compliance.
After a reasonable gestation period, a separate team of experts conducts a Pre-assessment of your setup and ensures all measures are implemented.
Once all controls are confirmed to be in place, we will issue a legally admissible "HIPAA Compliance" Certificate for your organization.
If required, we can extend our continual support by offering you Managed Compliance Services to help your organization stay certified.
Healthcare providers: Every healthcare provider, regardless of the size of the practice, who processes or transmits PHI in connection with certain transactions, including claims, benefit eligibility inquiries, referral authorization requests, and other transactions, falls under the HIPAA Transactions Rule.
Health plan groups & insurers: Entities that provide or pay for medical care also fall under HIPAA Compliance. This typically includes Health, Dental, Vision, and Prescription Drug Insurers, Health Maintenance Organizations, and Medicare supplement Insurers, to name a few. Health plans also include employer-sponsored groups, government-sponsored groups, church-sponsored health plan groups, and multi-employer health plan groups.
Exception: A group health plan with fewer than 50 participants administered solely by the employer is not a covered entity.
Healthcare clearing houses: Entities that process healthcare information fall under HIPAA Compliance. Healthcare Clearinghouses offering processing services to a Health Plan Group or a Healthcare provider are expected to comply with HIPAA.
Business associates: A person or organization using or disclosing individually identifiable health information to perform or provide functions, activities, or services for a covered entity is also expected to comply with HIPAA. The activities or services typically include claims processing, data analysis, utilization review, and billing.
HIPAA Audit cost for an average-sized company starts at $8000. Pricing for a HIPAA audit usually depends on several factors, including the Scope of Audit, Number of Locations, and other additional services.
On average it takes 4-6 weeks to complete a HIPAA Audit. However, the timeline also greatly depends on the time taken for implementing the remediation suggested in the gap analysis.
You will receive an audit report documenting the details and validating the organization’s effectiveness of information security management, controls, and practices to protect PHI. The report will detail information about how your client information is maintained securely with all necessary controls in place. Additionally, we provide a “Certificate of Compliance” that you can show your clients and also proudly hang on your office walls and conference rooms.
A HIPAA Audit Report is only valid for one year (12 months) from the date of audit completion.
As per industry standard requirements, a HIPAA Audit must be performed annually, or when significant changes are introduced that may impact the systems and controls in an environment.