Regents and Park has helped many clients comply with the Health Insurance Portability and Accountability Act (HIPAA) and the subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA comprises the Security and Privacy Rules and defines a clear set of policies, procedures, and processes that must be in place for companies that store, process, or transmit electronic protected health information (ePHI). HIPAA applies to all healthcare providers, health plans, and healthcare clearinghouses, and to any service provider that manages ePHI. Additionally, service providers are increasingly being asked to undergo HIPAA assessments to comply with Business Associate Agreements.
Our team will work closely and collaboratively with your staff to determine which sections of HIPAA are applicable to your business operations. We interview key management and IT personnel to identify the controls which need to be in place to meet the HIPAA compliance requirement. Once the scope of the project has been determined, we begin the HIPAA Readiness Assessment.
A Readiness Assessment is a proactive approach to ensuring your HIPAA program will meet the necessary compliance and scoring requirements of the HIPAA standard. Entities that are required to undergo HIPAA assessments often find the first year is the most difficult. Not only must they comply with each of the audit requirements, but they also need to build out their documentation and processes to comply with the standard. This is where our team steps in. Once we have identified the scope of the project, we work side by side with your management team and IT personnel to perform walkthroughs to verify that essential controls are in place and designed effectively. Once walkthroughs have been completed, we prepare a detailed report and gap analysis that includes specific remediation steps the client must perform to pass each control.