Healthcare (HIPAA) Compliance
Contextual Security offers a suite of services to assist healthcare organizations (Hospitals, Physician Groups, and Service Providers) in complying with security requirements found in HIPAA, HITECH and Meaningful Use.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that access to Protected Health Information (PHI) shall be managed to guard the integrity, confidentiality, and availability of electronic PHI (ePHI) data. The Health Information Technology for Economic and Clinical Health Act (HITECH) further bolstered HIPAA as it required that Business Associates also adhere to those requirements that previously applied only to Covered Entities. Lastly, Meaningful Use Core Objective 14 (Eligible Hospitals) and Core Objective 15 (Eligible Professionals) require organizations to conduct a security risk analysis in accordance with the requirements found in the HIPAA Security Rule.
Contextual Security can assist your organization in understanding and ultimately complying with the HIPAA and HITECH security requirements.
Our team of experienced healthcare consultants will review your documented HIPAA policies and procedures, interview key members with healthcare data security responsibilities, and conduct technical inspections of those systems that store, process and/or transmit healthcare data to ensure that all three are in line with the controls found within the HIPAA Audit Protocol as well as security best practice. This comprehensive approach allows our clients to have confidence in the accuracy of our findings because they rely on tangible data gathered through our three-pronged approach (document reviews, interviews and system inspections), and not just the results from an employee survey or a review of the organization's information security policy.
In addition, our clients are given 24/7 visibility into the progress of the audit through our illumino platform. illumino gives organizations the ability to quickly identify the status (Compliant, Not Compliant, Remediating, etc.) of each control within the HIPAA Audit Protocol, including the information that was relied upon by the assessor to make the status determination. By making this information available 24/7, there are no surprises!
We want to be your trusted security (and compliance) partner, and the only way to do that is to get to know your organization's goals and objectives and stay involved throughout the year.
As with all of our services, Contextual Security HIPAA compliance engagements are specifically tailored to your organization's needs and requirements.
Virtual HIPAA/HITECH Consultant
Contextual Security’s HIPAA/HITECH General Consulting offering was created for organizations who are interested in having an experienced HIPAA compliance consultant available throughout the year for regular (e.g. weekly, monthly, quarterly) or ad-hoc (e.g. on-demand) meetings to address requirement questions, provide guidance on how changes within the organization could impact their overall compliance, as well as keep them up to date on upcoming changes to the HIPAA Audit Protocol (e.g. Audit Protocol – April 2016 Update).
HIPAA/HITECH Independent Third Party Audit
Contextual Security's independent third-party audit includes an evaluation of your environment against the HIPAA Audit Protocol as well as an assessment of those critical controls responsible for securing healthcare data during processing, transmission and storage. The HIPAA/HITECH Independent Third Party Audit also includes a focus on mobile device security and media disposal policies and procedures, which are two primary contributors that have resulted in healthcare organizations having to report a breach of unprotected healthcare data (source: Health & Human Services list of Breaches Affecting 500 individuals or more).
HIPAA Risk Assessment
Whether it’s part of a Meaningful Use attestation initiative, or simply to meet HIPAA requirement 45 CFR 164.308(a)(1), Contextual Security can assist organizations with conducting their annual risk assessment. Our HIPAA Risk Assessment offering is a streamlined approach that primarily focuses on:
- Identifying all locations where ePHI is created, received, maintained and transmitted
- Identifying the threats and vulnerabilities to the security of that ePHI
- Determining a risk score based on the potential impact of the associated threats and vulnerabilities
- Working with your organization to determine a mitigation approach that addresses those risks uncovered through the engagement
Contextual Security provides formal deliverables for each of our Healthcare Compliance tasks:
- HIPAA Audit Protocol Compliance Report
- HIPAA Risk Assessment Report
In addition, Contextual Security includes, as part of each engagement, an out-brief call to discuss the findings and answer any questions your organization may have.
Please contact one of our Enterprise Consultants for a free sample report.