Our HIPAA Compliance Program assists in establishing and meeting the requirements by assessing the general and application control requirements throughout Covered Entities and their Business Associates’ various business functions. We follow these processes to protect against internal and external threats:
- HIPAA Assessment - CompliancePoint’s team of experts will conduct a comprehensive review of your organization's compliance with HIPAA regulations. This includes an evaluation of your organization’s regulatory status based on security standards, administrative safeguards, technical safeguards, organizational requirements, policies & procedures, and documentation requirements. The report developed is based on the findings outlining any deficiencies and will include the steps needed to remediate them.
- Remediation - CompliancePoint does not just provide a gap analysis and walk away. Our team creates a customized Remediation Project Plan based on the findings, enabling your organization to track its progress. Covered Entities and Business Associates can then correct the identified deficiencies with internal resources or outsource that work effort to CompliancePoint. CompliancePoint provides security consulting, network design, technology evaluation and selection, policy and procedure development, and IT integration and configuration services.
- Validation and Reporting - Upon completion of deficiency remediation, CompliancePoint conducts a final audit review and issues a report of compliance. The report gives authorities, partners, and leadership proof of your organization’s compliance validated by a non-biased third party.
As an authorized CSF Assessor, we understand the impact healthcare regulatory requirements have on your data collection, transmission, and handling procedures. Partnering with CompliancePoint to become HITRUST certified will provide you with:
- The expertise, process, procedures, and technology required for HITRUST Certification
- A non-biased 3rd party attestation of your security controls
- A comprehensive yet efficient assessment methodology
- Years of experience within the healthcare sector to your organization regarding these issues.
Promoting Interoperability Risk Assessment
As required to qualify for the Medicare and Medicaid EHR Incentive program, Hospitals and Eligible Professionals are required to demonstrating Meaningful Use. This requires undergoing a security risk analysis and correcting any identified deficiencies discovered. However, many healthcare organizations struggle to understand the application of Meaningful Use and the other quality measurements, reporting, and financial implications created by the American Recovery and Reinvestment Act. CompliancePoint's HIPAA Risk Assessment process also helps organizations meet Meaningful Use requirements. Our process includes a comprehensive review of EHR systems, IT infrastructure and the operating environment for e-PHI.Our HIPAA Risk Assessment gives visibility into how proficient the organization is at protecting the integrity & confidentiality of e-PHI and how to minimize the associated risk.
Following the Patient Protection and Affordable Care Act (ACA) of 2010, federal and state health insurance exchanges or HIXs were established. As a result, compliance requirements are now in place focused on the security of computer systems handling patient/healthcare information. These requirements are known as Minimum Acceptable Risk Standards for Exchanges (MARS-E). CompliancePoint's MARS-E assessment process helps state-sponsored HIXs reach compliance with the MARS-E framework. Our experts can help you assess your current compliance status, develop the necessary policies and procedures, and develop an action plan for remediation and ongoing compliance.
Business Associate HIPAA Compliance Monitoring
The "dual liability" that Covered Entities share puts added pressure on them to maintain compliance throughout their partnerships. CompliancePoint provides third party compliance monitoring of Business Associates by performing an initial gap assessment, maintaining ongoing (daily, monthly, quarterly and annual) compliance tasks and preparing audit documentation for planned and unplanned audits. Although Business Associates now have a contractual liability to Covered Entities for HIPAA compliance, CompliancePoint's monitoring and certification process verifies your associates are in compliance with your agreements and are protectign your ePHI. Ongoing monitoring of Business Associates demonstrates your commitment to protecting ePHI.