HIPAA/HITECH Assessments

HIPAA/HITECH Assessments

Overview

CyberGuard has assisted many clients comply with the Health Insurance Portability and Accountability Act (HIPAA) and subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA is comprised of the Security and Privacy Rules and defines a clear set of policies, procedures, and processes which must be in place for companies that store, process, or transmit electronic protected health information (ePHI). HIPAA applies to all healthcare providers, health plans, healthcare clearinghouses, and to any service provider that manages electronic protected health information (ePHI). Additionally, service providers are increasingly being asked to undergo HIPAA to comply with Business Associate Agreements.

Project Scoping

Our team will work closely and collaboratively with your staff to determine which sections of HIPAA are applicable to your business operations. We interview key management and IT personnel to identify the controls which need to be in place to meet the HIPAA compliance requirement. Once the scope of the project has been determined, we begin the HIPAA Readiness Assessment.

 

HIPAA Readiness Assessment

A Readiness Assessment is a proactive approach to ensuring your HIPAA program will meet the necessary compliance and scoring requirements of the HIPAA standard. Entities who are required to undergo HIPAA assessments often find the first year is the most difficult. Not only must they comply with each of the audit requirements, but they also need to build out their documentation and processes to comply with the standard. This is where our team steps in. Once we have identified the scope of the project, we work side-by-side and collaboratively with your management team and IT personnel to perform walkthroughs to verify essential controls are in place and designed effectively. Once walkthroughs have been completed, we prepare a detailed report and gap analysis which includes specific remediation steps the client must perform to pass each control.

Click here for more information and to submit an inquiry about us performing a Readiness Assessment for your company.

 

HIPAA Compliance Testing

When your company is ready to undergo HIPAA compliance testing, our first step is to create a detailed document request list which includes a detailed listing of all documentation we will need to perform our test procedures. This detailed document request list is sent well in advance of onsite fieldwork, saving your team time and creating efficiencies in the process. Once onsite, we will walk through each control requirement. Since our team is very experienced in HIPAA compliance testing, we are able to minimize disruptions to your business operations while testing is being performed. Our testing procedures will include a mix of interviews, observations, and sampling. Once test results have been compiled, we will share the results with your management team. We will assist management when drafting responses to any gaps which were identified during testing and draft a report for management’s review.

 

HIPAA Compliance Reporting

We will tailor the final report to suit the needs of its intended audience. If your agency, department, or bureau intends to use the report for internal purposes, we will conduct a consulting engagement and collaborate with management to determine the best reporting format for your particular needs. If the primary purpose of the report is to present the findings to external parties, we will perform an agreed upon procedures engagement and draft the report to comply with the standard reporting format.