HIPAA Compliance

What is the purpose of HIPAA?

Lawmakers had four main objectives in creating the Health Insurance Portability and Accountability Act (HIPAA):

  • To keep personal health information private
  • To secure electronic records
  • To make insurance portable
  • To simplify administration

What is the easiest way to become HIPAA compliant?

Start with a Security Risk Assessment, a critical first step in identifying where and how all the PHI is used and all the ways it can be breached.

Regulations are deliberately vague on a risk analysis methodology due to the vast differences in the size, capabilities and complexity of Covered Entity operations. However, HHS does provide objectives, which include:

  • Identifying all the PHI created, received, stored or transmitted by your organization, including information shared with consultants, vendors and other Business Associates
  • Defining intentional and unintentional threats to the integrity of PHI from people, technology or the physical landscape
  • Assessing measures in place to protect against threats to the integrity of PHI
  • Evaluating the “reasonably anticipated” likelihood of a breach
  • Determining the potential impact of a breach and a risk level based on its likelihood and reach
  • Documenting the findings and execution of measures, procedures and policies to ensure HIPAA compliance


Is it time for your annual Risk Assessment?

A HIPAA risk assessment is not a one-time requirement, but a regular task necessary to ensure continued compliance, particularly when there are changes to the workforce, work practices or technologies.

Summit’s security team has conducted numerous Security Risk Assessments to review administrative, technical and physical safeguards, identify and document compliance gaps, and provide a roadmap for remediation based on level of criticality.