HIPAA Compliance

Services / Compliance Services / HIPAA

What is the purpose of HIPAA?

Lawmakers had four main objectives in creating the Health Insurance Portability and Accountability Act (HIPAA):

To keep personal health information private
To secure electronic records
To make insurance portable
To simplify administration

WHAT IS THE EASIEST WAY TO BECOME HIPAA COMPLIANT?

START WITH A SECURITY RISK ASSESSMENT, A CRITICAL FIRST STEP IN IDENTIFYING WHERE AND HOW ALL THE PHI IS USED AND ALL THE WAYS IT CAN BE BREACHED.

Regulations are deliberately vague on a risk analysis methodology due to the vast differences in the size, capabilities and complexity of Covered Entity operations. However, HHS does provide objectives, which include:

Identifying all the PHI created, received, stored or transmitted by your organization, including information shared with consultants, vendors and other Business Associates
Defining intentional and unintentional threats to the integrity of PHI from people, technology or the physical landscape
Assessing measures in place to protect against threats to the integrity of PHI
Evaluating the “reasonably anticipated” likelihood of a breach
Determining the potential impact of a breach and a risk level based on its likelihood and reach
Documenting the findings and execution of measures, procedures and policies to ensure HIPAA compliance

Is it time for your annual Risk Assessment?

A HIPAA risk assessment is not a one-time requirement, but a regular task necessary to ensure continued compliance, particularly when there are changes to the workforce, work practices or technologies.

Summit’s security team has conducted numerous Security Risk Assessments to review administrative, technical and physical safeguards, identify an document compliance gaps, and provide a roadmap for remediation, based on level of criticality