HIPAA Privacy and Security Compliance Services

HIPPA logo

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) directs the U.S. Department of Health and Human Services (HHS) to adopt and require the use of national standards associated with security and electronic health care transactions. In keeping with HIPAA, HHS published various rules to codify standards that address security and privacy concerns associated with Protected Health Information (PHI). The two (2) main components of HIPAA compliance include:

  • Privacy Rule (December 2000) – defines standards for the protection and disclosure of PHI by covered entities (i.e. health plans, health care clearinghouses, and health care providers).
  • Security Rule (February 2003) – defines standards for protecting the confidentiality, integrity, and availability of electronic PHI.

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 encouraged the implementation of health Information Technology, strengthened the regulatory standards included in the Privacy and Security Rules, and increased the enforceability of the HIPAA Rules.

Your organization may meet the administrative and physical controls that are required to safeguard PHI, but are you confident that your organization has implemented the rigorous technical controls required to protect electronic health records? The controls that are included in the Privacy and Security Rules are not voluntary and violations can subject organizations to multiple civil and potentially criminal penalties. Examples of common PHI violations include data breaches, improper disclosure, improper disposal and loss of protected data. Covered entities that neglect their responsibilities to protect against such security incidents can be fined up to $1,500,000 annually. It is imperative to consider financial costs, impacts of these violations on your organization’s reputation and business operations, and the effects of violations on patient privacy.

HIPAA Consulting Services

COACT can assist your organization in evaluating your level of responsibility and implementing a compliant information security program. We have assisted numerous clients in establishing and improving an information security program to meet legal and regulatory requirements. We can leverage our extensive knowledge and experience providing consulting services to guide your organization in achieving HIPAA compliance.

HIPAA Privacy and Security Consulting Services Include
  • Gap analysis and pre-assessment of safeguards
  • Generation of a compliance roadmap and recommended remediations
  • Assistance with implementing security safeguards
  • Development and maintenance of system/security documentation
  • Recommend technologies and services to reduce IT costs and improve security
  • Provide required annual training to compliance, privacy, and security officers

HIPAA Assessment Services

HHS offers a Security Risk Assessment (SRA) Tool that can be used by covered entities to evaluate their level of compliance and track remediation efforts. COACT assessors, which are qualified to perform large-scale assessments of cloud systems in addition to the systems at a local doctor’s office, can either assist with the performance of the assessment or fully execute the assessment as an independent third party.

HIPAA Privacy and Security Assessment Services Include
  • Security risk assessment
  • Vulnerability and compliance scanning
  • Artifact generation and analysis
  • Continuous monitoring and reporting activities

The COACT Advantage

COACT has an accomplished and extensive record of helping organizations meet their compliance needs regardless of the size of the organization and the complexity of their information systems. COACT is an accredited Third-Party Assessment Organization (3PAO) with qualified assessors that are knowledgeable and experienced with various technologies, processes, and frameworks. We apply our accredited and standardized quality-control processes to all services and deliverables we provide, ensuring every COACT client gets our absolute best during each engagement. COACT’s client-focused and results-driven approach can help your organization identify risks, implement appropriate security safeguards, mitigate and eliminate gaps in security, and maintain compliance with the HIPAA Privacy and Security rules. COACT does not participate in the HITRUST alliance and is, therefore, able to offer lower costs associated with consulting and assessment services.

If you are ready to enlist COACT to support and guide your organization through all the steps required to achieve HIPAA compliance, please reach out to a COACT representative using the contact form below or email info@coact.com.