Ongoing HIPAA Compliance for Companies that Manage and Process Patient Health Information
Micro Solutions' HIPAA Compliance Program (HCP) provides a cost-effective way for organizations to fulfill HIPAA compliance requirements and to ensure ongoing compliance with the HIPAA Security, Privacy, and Breach Notification Rules. Not sure if you are currently compliant with HIPAA? Take our free gap assessment to find out!
HIPAA Compliance Rules
Congress mandated the establishment of Federal HIPAA standards to ensure the confidentiality and privacy of all patients' protected health information (PHI). Below is an explanation of each of the HIPAA compliance rules that must be followed.
HIPAA Security Rule
For HIPAA covered entities (CEs) and business associates (BAs), safeguarding patients' electronic protected health information (ePHI) is required by law. The HIPAA Security Rule requires that a periodic risk assessment of an organization's technical and non-technical safeguards be conducted.
Key to an organization's compliance is a comprehensive set of policies and procedures, as required by the HIPAA Privacy Rule. A covered entity's workforce members must be thoroughly trained on those policies, which provide guidance on how to interact with patients and their sensitive data.
Breaches of PHI
Breaches of patient data have become a well-publicized and disturbing trend. Medical record data is worth 10 to 50 times more on the black market than credit card data. Why? Because credit card information can be changed easily, while your medical record information is lifelong.
For this reason, penalties for HIPAA violations have increased dramatically over recent years, with fines ranging from $100 to $50,000 per violation (or per record) and a maximum penalty of $1.5 million per year for each incident.
Even an alleged breach or a frivolous complaint can result in an investigation of your organization by the Office for Civil Rights (OCR).
The Department of Health and Human Services maintains the HHS "Wall of Shame" website, which posts all HIPAA data breaches affecting more than 500 individuals. As you can see, a breach can cost an organization not only in penalties and fines but also in damage to its reputation.
Fulfilling HIPAA Compliance Requirements
Technological advancements related to the creation, storage, and transmission of ePHI often outpace an organization's ability to ensure the necessary controls are in place to protect a patient's information. Most organizations do not have the time, resources, or skill set to ensure their compliance with the HIPAA rules.
In addition, a requirement that may be necessary for a hospital or health system may not be reasonable for a physician practice or IT service provider.
Maintaining HIPAA Compliance
The HIPAA Compliance Program is a partnership between Micro Solutions and your organization with the goal of achieving and maintaining HIPAA compliance well beyond the initial HIPAA risk assessment.
Micro Solutions' HIPAA experts take the stress of compliance off you by helping to make sense of the HIPAA rules and how they apply to your business, as well as how they compare to state laws since you must adhere to the more stringent law.
Micro Solutions helps you identify your risks and vulnerabilities and develop a remediation plan to increase your HIPAA compliance. Then, we continue to work with you to maintain or improve compliance.
Through this process, Micro Solutions becomes a true security and compliance partner, engaging with you on upcoming changes to the HIPAA laws and OCR guidance.