What is HIPAA- HITECH?

Not HIPPA.

Health Insurance Portability and Accountability Act (HIPAA) – Health Information Technology for Economic and Clinical Health (HITECH) is in place for healthcare companies and their vendors to safeguard the protected health information (PHI) of all patients.

What are the rules?

Security Rule

Administrative, Physical, Technical, and

Privacy Rule

For doctors, clearing houses, insurance, and other covered entities to allow patients to know what safeguards are around their PHI including the right to modify, access, delete, request information about their data.

Breach Notification

Must report a breach to HHS & must prove you have security & breach notification process in place.

Enforcement Rule

The HHS/OCR has the right to audit your company at any point or if a patient reports.

Our Process
  1. Scope & Roadmap (in as little as 30 minutes!)
  2. Risk Assessment & Gap Analysis
  3. Policy & Governance
  4. Technology & Process Implementation
  5. Evidence Collection & Reporting
  6. Internal Audit Review & Reporting
  7. Submit all evidence & documentation to external auditor
  8. Continuous Maintenance & Monitoring
Industries

Healthcare FAQs

Am I a Covered Entity (CE)?

Only if you are a health plan, health care clearinghouse, or a healthcare provider such as a doctor, dental or chiropractor.

Am I a Business Associate (BA)?

Only if you perform services on behalf of a covered entity. Typically, these are technology vendors or service providers of CEs.

What is a Business Associate Agreement (BAA)?

A contract in place between CEs and their business associates to ensure protection protected health information (PHI).

What HIPAA-HITECH rules apply to me?

Depends on your services & if you are a covered entity or business associate.

Do I need an audit by CPA firm?

No, an external audit is not required. You should perform at least an internal audit annually, especially if you change technology, people or processes.

Will I get fined?

Covered entities can & will be audited randomly by Office of Civil Rights (OCR), part of HHS. Users and patients of CEs and BAs can conduct complaints against the companies & also be investigated for violations.

What are the penalties?

Let’s just say if you are not compliant…..you pay for every patient that you have.

Get in touch โ†’
Dealing with patient or medical information?