
 

HIPAA Risk Assessments

A comprehensive HIPAA Risk Assessment for regulatory compliance.

Any organization that holds or transmits “individually identifiable health information” has to abide by the HIPAA Privacy Rule. This information can be in any form, such as electronic data, paper or oral. The Privacy Rule calls this information protected health information (PHI).

There are over 700,000 organizations that are required by law to conduct a HIPAA Risk Assessment, including:

·       Hospitals
·       Urgent Care Clinics
·       Dental Offices
·       Nursing Homes
·       Behavioral Health Facilities
·       Diagnostic Labs
·       Correctional Facilities
·       Pharmacies

Besides the above “Covered Entities”, any third party that has access to PHI is considered a “HIPAA Business Associate” and is therefore subject to the same HIPAA regulations. A Business Associate is anyone who deals with any of the above “Covered Entities” as a client. Every Business Associate, such as the following, must have proof of a Risk Assessment under the law:

·       IT Service Provider
·       Law Firm
·       Accountants
·       Document Storage Companies
·       Data Centers, Online Backup companies, Cloud vendors
·       EMR
·       Insurance Agents
·       Revenue Cycle Management vendors

The HIPAA Risk Assessment will be a complete set of official documents that together comprise a comprehensive HIPAA IT assessment, including:

·       HIPAA Policy and Procedures
·       HIPAA Risk Analysis
·       HIPAA Management Plan
·       Evidence of HIPAA Compliance
·       And all associated supporting documentation

One Way Logic (OWL) provides two types of HIPAA Risk Assessments:

1.     One-Time HIPAA Compliance Service. This is the best choice for any “Covered Entity” or “Business Associate” that knows a risk assessment has to be performed, but doesn’t have the resources to invest in the patient’s protection. This service will include all of the above documents in an organized fashion. These core documents will be considered the “Basic” service and will help your organization meet its responsibility of having an audit conducted.

2.     Managed Compliance Service. Organizations are constantly changing: new users, computers, servers, software and devices are constantly being added to the network. The HIPAA assessment you perform today has a “shelf-life”. How long that is depends on the type of business, the size of the organization and the speed of change. Having monthly or quarterly re-assessments is the best way to ensure that your organization remains compliant at all times.