Not HIPPA.
The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act require healthcare companies and their vendors to safeguard the protected health information (PHI) of all patients.
What are the rules?
Security Rule
Administrative, Physical, Technical, and
Privacy Rule
Requires doctors, clearinghouses, insurers, and other covered entities to let patients know what safeguards surround their PHI, including the rights to modify, access, delete, and request information about their data.
Breach Notification
Breaches must be reported to HHS, and you must be able to show that a security and breach notification process is in place.
Enforcement Rule
HHS's Office for Civil Rights (OCR) has the right to audit your company at any time, or in response to a patient complaint.
Our Process
- Scope & Roadmap (in as little as 30 minutes!)
- Risk Assessment & Gap Analysis
- Policy & Governance
- Technology & Process Implementation
- Evidence Collection & Reporting
- Internal Audit Review & Reporting
- Submit all evidence & documentation to external auditor
- Continuous Maintenance & Monitoring
Industries
- Covered Entities
- Dental Offices & Doctor Offices
- Health Clearinghouses
- Insurance Agencies
- Pharmaceutical
- Business Associates
- Health Technology
- Cannabis Retail
- Service Providers
Healthcare FAQs
Am I a Covered Entity (CE)?
Only if you are a health plan, a health care clearinghouse, or a healthcare provider such as a doctor, dentist, or chiropractor.
Am I a Business Associate (BA)?
Only if you perform services on behalf of a covered entity. Typically, these are technology vendors or service providers of CEs.
What is a Business Associate Agreement (BAA)?
A contract between a CE and its business associates to ensure the protection of protected health information (PHI).
What HIPAA-HITECH rules apply to me?
That depends on your services and on whether you are a covered entity or a business associate.
Do I need an audit by a CPA firm?
No, an external audit is not required. You should perform an internal audit at least annually, especially when you change technology, people, or processes.
Will I get fined?
Covered entities can and will be audited at random by the Office for Civil Rights (OCR), part of HHS. Patients and users of CEs and BAs can also file complaints against those companies, which can then be investigated for violations.
What are the penalties?
Let’s just say that if you are not compliant... you pay for every patient you have.