CMS, on behalf of HHS, is launching a Compliance Review Program to ensure that covered entities handling patients' protected health information (PHI) comply with the HIPAA rules. These HIPAA-covered entities will be randomly selected by HHS for Compliance Reviews. As per 45 CFR 164.316, a covered entity needs to develop manuals, policies, and procedures addressing how to deal with high-profile patients, confidentiality, storage, destruction, and encryption. It has to make sure that administrative, technical, and physical safeguards are in place. Routine risk analysis is also required.
The HIPAA regulations applicable to organizations are the HIPAA Privacy Rule (keeping PHI safe from unauthorized people) and the HIPAA Security Rule (keeping PHI, especially in electronic form, safe from hackers, theft, disaster, etc.).
Compliance has three parts:
- Employee training
- Implementation of formal documents and controls
- Appointing a compliance officer
ISO 27001 is internationally recognized as the standard providing the requirements for an Information Security Management System (ISMS). An ISMS provides a procedure for managing sensitive information pertaining to the company in order to keep that information secure. The main components of an ISMS are confidentiality, integrity, and availability. ISO 27001 covers 95% of the requirements set forth by HIPAA.
Smaller providers are not exempt from HIPAA. They usually do not have the resources and expertise to properly implement an Information Security Management System that meets the requirements set by HIPAA. Our specialized consultants can help you implement an integrated system that makes you compliant with the HIPAA rules and gets you ISO 27001 certified.
Our Consultation Service includes:
- Gap/Risk Analysis
- HIPAA implementation (45 CFR 164.316)
- Information Security Management System implementation
- Training of employees
- Assistance with internal and external auditing
- ISO 27001 Certification