What is HIPAA?
HIPAA is an acronym for the Health Insurance Portability & Accountability Act of 1996, which provides very specific rules & regulations surrounding a patient’s health information.
This information is called Protected Health Information (PHI) or, in electronic form, Electronic Protected Health Information (ePHI). There are also very specific penalties & fines of up to $1.5 million per incident/record & up to 10 years in prison.
This act calls for all covered entities that work with PHI to safeguard all patient information & requires specific policies & procedures to be followed! A simple rule of thumb to follow is: if your organization bills electronically, then you need to be compliant! The ramifications of not doing so are very costly!
To be considered compliant you need to perform the following 7 steps that lead towards your compliance:
o Annual Privacy & Security Risk Assessment
    o Validate that the network is secure
    o Regular follow-ups & reviews
    o Repeat any time there is a significant change
o Employee Training on HIPAA & related training
    o The need to provide 6 years of training records
o Maintain Business Associate Agreements (BAA)
    o Required for all vendors that have access to your PHI, electronic or hardcopy
o Policies & Procedures
    o Proof that they are reviewed annually
o Disaster Recovery & Business Continuity Plans in place
o Network Vulnerability Risk Assessment for HIPAA
    o Validate that your networks, servers & workstations are secure
o Network Vulnerability Risk Assessment for Payment Card Industry (PCI DSS)
    o This includes all organizations that accept credit cards for payments
    o Validates that the cardholder information is secure
Please send an email to firstname.lastname@example.org or call us at 773-482-2005 for more information on how we can assist your organization!