HIPAA Compliance

It’s true that HIPAA has been around for many years now, but we have found there are some businesses that are not yet fully compliant, and we are on a mission to get them there! If you know you have to comply with HIPAA but are not sure where exactly you may be deficient, we can help. We specialize in helping small and medium-sized businesses achieve HIPAA Privacy and Security compliance.

Our highly personalized approach sets us apart from other HIPAA Compliance or Security Compliance companies that may provide you with tools, software and loose guidance. We take your compliance a step further: on top of advising you on the appropriate path, we do the work to get you there.

If you are a Covered Entity or Business Associate under HIPAA, these questions are for you!

  • Do you have written HIPAA Policies and Procedures? And do you truly feel you understand what those policies and procedures mean?
  • Do you have a Training and Education Program and do your staff truly understand what is required of them under HIPAA?
  • Do you have disciplinary guidelines in writing?
  • Do you have a documented auditing and monitoring plan?
  • Do you have a documented Security Risk Assessment Plan and do you perform a periodic Security Risk Assessment?
  • Do you have a documented Disaster Recovery Plan?
  • Do you have Business Associate Agreements in place that are up to date?
  • Do you have an Incident Response Plan?

If the answer to any of these questions is “no,” please reach out to us. We can help!

We can customize your HIPAA compliance project to fit your needs and your budget. There are many pieces to the puzzle, but if there are some pieces your staff can handle, we are happy to customize the project to share the work. Below are some of the things we can provide.

HIPAA Policies and Procedures. We start from a baseline set of HIPAA Policies and Procedures, fully customize them to your business and the way you actually use PHI, and leave you with an editable digital copy. Another thing our customers appreciate is our Policy and Procedure Summary document, which provides you with a quick reference guide so you can locate any policy right away.

Customized HIPAA Training. As an organization, your biggest risk for breaches comes with your employees. We are all human, but your responsibility is to make sure your staff are appropriately trained to recognize suspicious things, report incidents and follow protocol. We take a standard HIPAA training and add lots of details that pertain to your day-to-day operations to allow for a truly personalized HIPAA training that your staff can do in person or on their own time using our online tool that will provide a certificate and quiz.

HIPAA Forms. As part of the Policies and Procedures, we provide your organization with HIPAA Forms to use for training documentation, incidents, logs and more.

Business Associate Agreements. We will provide you with a Business Associate Agreement template you can use, as well as a Subcontractor Agreement. We can also review the current BAAs you have in place and advise on any updates that may be needed. Having a Business Associate Agreement in place is one of the most important things you can do for your compliance.

Documented Security Risk Assessment. While performing a periodic Security Risk Assessment is a requirement, this can be a very intimidating project to take on when you have a million other things on your plate. We can put structure around this project with actionable items and move this project to completion, and as with everything else we do, we will perform as much of the work as possible to ease your administrative burden. You won’t have to read through hundreds of pages of regulations to perform this assessment or to see your results. We put the results in an easy-to-read report and also review that with you in person with a summary.

List of assets under HIPAA. It can be confusing to know exactly what items you need to include on your list of assets. We work with you to understand the systems and hardware you are using and get everything pertinent on the list.

Remediation Plan. Once your risk assessment is complete, we will provide you with a detailed remediation plan, complete with risk rating and priority levels, so you can see at a glance the items that need to be addressed, the complexity level of addressing each one, and the cost. We make sure to highlight the most important or urgent things you should review.

Designated and Trained HIPAA Privacy and Security Officer. We work with your designated staff member and help them truly understand their role and what actions they need to take and things they need to watch for. These individuals must have a solid understanding of the rules and procedures to serve your company as a Compliance Officer.

PHI Flow Document. As part of your Risk Assessment, we will document the flow of PHI in your organization so you will have a good understanding of where PHI is created, received or maintained.

Auditing and Monitoring. We have some great ideas for auditing and monitoring techniques. Activities need to be meaningful and monitoring needs to be done consistently. It’s true there is an administrative burden with auditing and monitoring but we will give you the shortcuts to make sure you are meeting requirements.

Disaster Recovery Plan. Having a Disaster Recovery Plan is not only a HIPAA requirement, it is important for the life of your business and continuity during times of disaster and uncertainty.

Emergency Mode Operations Plan (EOP). During a state of emergency, your EOP should outline all systems and how each will come back online. We learn about your business and record all systems and walk through what would happen in a state of emergency.

Incident Response Plan. An Incident Response Plan allows your organization to have a plan of action to follow in the event of an incident so that there are no uncertainties.

Vulnerability Scans and Penetration Testing. Our software scans your network to pull reports on the vulnerabilities on your network. This can be an ongoing process or we can do it one time.

Structured, Inc. always provides free consultation meetings. If you are interested, please reach out to us at info@structured-inc.com.