Pentakt

HIPAA Services.

We don't just do CMMC. If HIPAA is the name of your compliance game, we can help!

Healthcare Businesses (Doctors, Dentists, etc.)

  • Daily handling of PHI makes your business a Covered Entity that is required to meet HIPAA.
  • We work side by side with your business and IT to improve cybersecurity.
  • We are your compliance experts every step of the way.
  • We will have you HIPAA compliant, with all the required updates and documentation for your business.

Lawyers

  • Think HIPAA only applies to doctors? Think again.
  • We provide an evaluation of your current compliance status.
  • Work with your IT to improve cybersecurity required by HIPAA.
  • Write the correct documentation (policies) and assist in training staff.
  • Work with your business to update processes that may be out of compliance.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides a nationwide regulatory framework for how medical records are accessed, stored, and shared.
HIPAA is comprised of 3 core rules and associated amendments:
  • Privacy Rule
  • Security Rule
  • Breach Notification Rule
  • Omnibus Rule

The Privacy Rule protects confidentiality and consent for patient health information, the Security Rule establishes security standards for the transmission, storage, and usage of electronic patient health information, and the Breach Notification Rule establishes what organizations handling patient health information must do in the event of a breach of information.

The last rule, the Omnibus Rule, applies the core 3 to business associates.

This is just a quick insight into what HIPAA is and why the government mandates protection of such information.

*Note: An update to the Security Rule is currently in the proposal phase; it would establish clearer standards and more requirements.

Who needs to follow HIPAA?

HIPAA applies to covered entities and select business associates.
A HIPAA-covered entity is any organization or individual that collects, creates, or transmits PHI or electronic PHI (ePHI) through physical or virtual means. Specific examples include but are not limited to:
  • Healthcare providers, both individual and institutional
  • Health insurance providers and health plan administrators
  • Healthcare clearinghouses dedicated to processing PHI data
Business associates are entities that utilize, transmit, or otherwise come into contact with PHI in the course of performing work for a covered entity. Business associates use PHI in a range of roles, such as:
  • Third-party medical and administrative consultants and facilities
  • Billing companies 
  • Electronic health record (EHR) platforms
  • Physical storage, faxing, and shredding providers
  • Cloud service, email hosting, and IT providers
  • Managed service providers (MSPs)
  • Accountants and auditors
  • Lawyers and legal service providers
In practice, legal professionals handling PHI through record retrieval or general trial processes may be considered HIPAA business associates. As such, they may need to comply with HIPAA.

A good rule of thumb: if you touch PHI for business use, you need to protect the information.

Your Reliance on Compliance

© 2025 Pentakt LLC - CMMC Compliance Consulting Firm