HIPAA Compliance

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a broad national standard that places protections around healthcare and health insurance in the United States of America. While the standard touches many different aspects of patient care, there are specific provisions or “rules” designed to protect sensitive patient health information from improper use and disclosure. HIPAA required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop these rules. They include the HIPAA Privacy Rule and a subset of requirements labeled the HIPAA Security Rule. Failure to adhere to HIPAA requirements can result in civil and even criminal penalties.

The two rules outlined above set the overall requirement for administrative, technical, and physical safeguards as they relate to HIPAA. It is these types of controls that our consultants help organizations to achieve.

How do we help achieve HIPAA compliance?

We help your organization meet the control requirements needed to pass an HHS / Office of Civil Rights (OCR) audit review. We do this by offering services designed around the Administrative, Technical, and Physical safeguards.

Administrative Safeguards

  • Risk Assessment

  • Risk Management Program Development

  • Virtual Risk Officer

  • HIPAA / HITECH Gap Assessments

  • HIPAA Security Policies

    • Sanction Policies

    • Information Security Policy Development

    • Policy Reviews

  • Information Systems Assessment and Reviews

  • Security Awareness Training

  • Business Continuity Plan Development

  • Vendor Risk Assessments

Technical Safeguards

  • Vulnerability Assessments

  • Penetration Testing Services

  • Incident Response Plan

  • Data Breach and Forensic Investigation Services

  • Network Access Control (NAC) Services

    • Dynamic Segmentation Security Programs

  • Identity and Access Management Solutions

  • Security Log Monitoring

  • Endpoint Detection and Response Solutions

  • Encryption Solutions

  • Virtual Chief Information Security Officer

  • Virtual Privacy Officer Services

  • Medical Device Risk Assessments

Physical Safeguards

  • Physical Security Assessments

    • Site Visits

  • Social Engineering Testing Services

  • Fraud Assessment Services

  • Business Continuity and Contingency Planning Services

  • Building Access Control Planning Services

  • Data Disposal Plan and Solutions

    • Electronic

    • Physical Media

  • Data Backup Plan and Solutions