The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. This was the first time that generally accepted standards for the security and protection of health information were brought into existence. In 2009, HITECH (Health Information Technology for Economic and Clinical Health) extended the scope and depth of HIPAA.
With the advent of new systems such as EHR and other computerized management systems, we have seen significant improvement in the operations at medical practices in their use and management of electronic health information. However, this has created a significant increase in the number and kind of threats to this electronic information. This information is at constant risk of loss, theft, tampering or disclosure.
HIPAA and HITECH lay out strict standards to help control these threats with standards that govern the security and privacy of this private health information. Any entity that transmits health information in an electronic format must comply with these standards. The “Final Omnibus Rule” which went into effect in March of 2013 made changes to HIPAA and extends the direct liability for those covered and complying with HIPAA security and privacy rules beyond the Covered Entity to their Business Associates as well. A major facet of the Final Omnibus Ruling increases penalties for non-compliance to up to $1.5 million per violation.
So why use Airiam for your HIPAA compliancy services?
A partnership for everyone’s security
Airiam brings extensive network and data security management and compliance expertise to your practice. Our thorough understanding and knowledge of the HIPAA requirements helps you prepare for, achieve, and maintain HIPAA security compliance requirements. We will guide you in managing:
- Physical safeguards
- Administrative safeguards
- Technical safeguards
- Business associate safeguards
- Policies and procedures documentation
HIPAA security compliance management – A risk-based approach
Airiam’s HIPAA Security Officers use a simple, risk-based approach to guide you through the process:
- Security assessment
- Network security implementation
- Documentation
- Attestation and
- Maintenance of HIPAA security compliance
This helps you to prioritize the most critical areas of compliance that you need to work on first to ensure you achieve compliance with HIPAA security as quickly as possible.
The Right Tools for an accurate assessment
Airiam has many tools available to help you to achieve compliance and to better manage and maintain your protected healthcare information’s security. This includes:
- Onsite/offsite assessment
- Gap analysis
- Vulnerability scanning
- Penetration testing
- Security appliances
- Breach coverage
Comprehensive reporting and documentation
Achieving compliance without a roadmap will never happen. To make sure that you know specifically what needs to be done to achieve compliance in your practice is a primary goals of Airiam’s HIPAA Security Officers. They will review with you the detailed reports that are generated during the analysis process. These reports summarize your vulnerability scan results, initial compliance status, remediation recommendations and requirements, and your roadmap to achieving overall compliance.