
Healthcare organizations, including Covered Entities and Business Associates, face an array of security and regulatory challenges. Legislation including the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, Promoting Interoperability Program, and the Minimum Acceptable Risk Standards for Exchanges (MARS-E) rules control how you handle and protect patient data. Healthcare organizations are required to assess, remediate, validate and maintain ongoing compliance activities.

Some specific health information privacy requirements and certifications include:

  • HIPAA requires healthcare providers/Covered Entities and Business Associates to apply the appropriate administrative, technical, and physical safeguards that ensure the privacy of Protected Health Information (PHI)
  • HITRUST requirements focus on protecting ePHI through a comprehensive approach that unifies the NIST, HIPAA & HITECH, ISO 27001, PCI DSS, FTC, and COBIT recognized standards and SOC 2 criteria
  • HITECH has tightened breach notification requirements, increased financial liability amounts and established that covered entities are liable for their business associates
  • Promoting Interoperability Program requires hospitals and eligible professionals to undergo a security risk analysis and correct any deficiencies it identifies
  • MARS-E sets the minimum standards for the security of computer systems that handle patient/healthcare information for healthcare exchanges

How We Can Help
Our qualified experts understand the impact healthcare regulatory requirements have on your data collection, transmission, and handling procedures. CompliancePoint brings years of experience within the healthcare sector to your organization regarding these issues.

Potential Risks
An organization's failure to meet the necessary health information privacy requirements may lead to a data breach or regulatory fines. Beyond those direct consequences, it is important to keep in mind the possibility of PR damage to your organization and loss of brand equity.
