
HIPAA gap assessment

Review your organization against the body of HIPAA requirements as documented in the 2018 OCR Audit Protocol and get a report on your overall compliance.

How does HIPAA impact your business?

If your organization processes or stores ePHI used for diagnosis, treatment, or billing for health conditions, it is governed by HIPAA. The various rules provide explicit requirements for protecting this information.

HHS and OCR have implemented a fine structure for punishing organizations that are found to have insufficient controls in place for protecting ePHI. These penalties are progressive and highest in cases of willful non-compliance.

How do you know if you are compliant?

Confirm compliance with limits regarding the disclosure and use of ePHI and verify patients can request to review and amend their information.

Verify that your organization has the minimum administrative, technical, and physical safeguards in place to protect ePHI.

Verify that your organization has compliant processes in place to handle required notifications when a breach occurs.

Ensure your organization complies with changes to the Privacy and Security Rules including updated language for BA contracts and Notice of Privacy Practices.

According to HHS data, the majority of HIPAA covered entities do not fully comply with HIPAA. Understanding gaps and working on a remediation plan can reduce or even offset penalties if your organization is non-compliant.