Edafio is actively working with any potentially affected customers to address the Log4j vulnerability (CVE-2021-442288)
Maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) is more critical than ever.
Edafio Healthcare Consultants provide a review of current policies while offering recommendations, assist in customizing policy and procedure templates, and providing education and training on HIPAA regulations. Practices find our approach beneficial in their journey to put their policies into practice and action on remediation that needs to be performed using a systematic approach.
A Definition of HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of e –PHI and comply with risk analysis requirements of the Security Rule.
Who needs to be compliant?
HIPAA regulation classifies two types of organizations that require HIPAA compliance.
- Covered Entities: HIPAA regulation defines a covered entity as any organization that collects, creates, or transmits PHI electronically. Healthcare organizations that are considered covered entities, including healthcare providers, healthcare clearinghouses, and health insurance providers.
- Business Associates: HIPAA regulation defines a business associate as any organization that encounters PHI in any way throughout work that contracts to perform on behalf of a covered entity. There are many business associates examples because of the broad scope of service providers that may handle, transmit, or process PHI. Common examples of business associates affected by HIPAA rules include:
- Billing companies
- Practice management firms
- Third-party consultants
- EHR platforms
- MSPs
- IT providers
- Faxing and shredding companies
- Physical storage providers
- Cloud storage providers
- Email hosting services
- Attorneys
- Accountants, and many more.
HIPAA Assessment
INFO PROTECTED BY HIPAA INCLUDES:
- Names
- Birth, death or treatment
- Contact Information
- SSN
- Medical Record Numbers
- Photographs
- Finger and voice prints
- Any other unique identifier
Are you compliant?
Take our assessment to find out how you can benefit from Edafio’s healthcare consulting services.
DEVELOPING A PLAN FOR ONGOING COMPLIANCE
Is your organization a healthcare provider (or a third-party service plan to one of them), clearinghouse, or clinic? Health Insurance Portability and Accountability Act can be challenging whether you are just learning about it or are a veteran in the healthcare space. Suppose you are worried about the effectiveness of your HIPAA compliance program or looking for help to complete your periodic reviews. Edafio has the expertise and processes to support you and your organization.
Compliance involves meeting the HIPAA Privacy Rule and HIPAA Security Rule requirements, and these rules are intended to protect patients’ Protected Health Information (“PHI”). HIPAA requires that organizations subject to the HIPAA Security Rule “continually” (e.g., at least annually) evaluate the organizational, environmental, and technical safeguards they have to protect the security of the PHI they use or disclose or be liable to regulatory penalties. While knowing the risks and interpreting those risks into useful tasks is a crucial part of compliance, it is also essential to develop an audit trail addressing remediation items. Edafio can help in this regard – as part of a Security Risk Assessment or a more mature, fully developed Compliance Program. Our consultants can meet you where you are on the journey to keep your patients’ data safe.
Questions about HIPAA Compliance?
Edafio Healthcare’s consulting team has decades of combined compliance experience in the healthcare industry. Our team has worked with numerous healthcare entities, business associates of covered entities, and other healthcare-related companies supporting their compliance activities.
There is no greater support than consultation and guidance. When you talk, we listen, then provide a tailored solution for your business needs. Our certified specialists are standing by to help.
HAVE A QUESTION ABOUT ONE OF OUR SERVICES?
