CompliancePoint

Practice Areas

Direct Marketing Compliance

Information Security Compliance

PCI Certifications
PCI DSS Assessment
PCI Payment Application (PA-DSS) Assessment
Policy & Procedures
Information Risk Management
Risk Assessments
Business Continuity & Disaster Recovery Planning
Vulnerability Assessment & Penetration Testing
Co-managed Security & Compliance Program
Compliance Consulting Services
HIPAA
HIPAA - Elements of Analysis
SSAE16 SOC Reports
GLBA
SOX
FCRA
SB 1386
Information Security Services
Architecture & Engineering
Operations

HIPAA

Health Insurance Portability and Accountability Act (HIPAA)
Organizations that process and/or maintain healthcare-related information are mandated by the Health Insurance Portability and Accountability Act (HIPAA) to demonstrate security compliance of electronic protected health information (ePHI).

The HIPAA rules require that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of Protected Health Information (PHI) in any form.

In addition, the HITECH ACT requires that covered entities implement policies and procedures to address the final disposition of electronic PHI and the hardware or electronic media on which it is stored. Entities must also implement procedures for the removal of electronic PHI from electronic media before the media are made available for re-use.

The Security Rule applies to the following covered entities:

Covered Healthcare Providers -- Any provider of medical or other health services, or supplies, who transmits any health information in electronic form in connection with a transaction for which HHS has adopted a standard.
Health Plans -- Any individual or group plan that provides or pays the cost of medical care such as a health insurance issuer and the Medicare and Medicaid programs.
Healthcare Clearinghouses -- A public or private entity that processes another entity's healthcare transactions from a standard format to a nonstandard format, or vice versa.
Medicare Prescription Drug Card Sponsors - A nongovernmental entity that offers an endorsed discount drug program under the Medicare Modernization Act.

CompliancePoint's Information Security practice group has developed a thorough operations and service delivery assessment that addresses the intense examination by government and public auditors who monitor your organization for compliance with HIPAA/HITECH as well as other industry regulations.

Our HIPAA/HITECH Risk Management Assessment
The HIPAA/HITECH Assessment assists management in establishing requirements for state and federal agencies by assessing the general and application controls requirements throughout your organization's various business functions.

The purpose of the assessment is multi-fold:

To ensure the confidentiality, integrity and availability of PHI data
To identify existing vulnerabilities within the information security network
To provide a detailed corrective action plan and recommendations to protect against both internal and external threats
To serve as a baseline assessment in preparation for regulatory audits and for all future information security program initiatives

The Elements Of Analysis Learn More

For more information on our HIPAA/HITECH Assessments, email security@compliancepoint.com
or call (800) 585-4888.

Questions?