HIPAA Compliance Services and Training

Modern healthcare organizations understand the patient data they have is one of their most valuable assets. At the same time, the Protected Health Information (PHI) they hold also puts them at risk of breach of compliance with HIPAA regulations overseeing the safeguarding of their patients’ medical and identity information. Practices not only need to have HIPAA Compliance policies, procedures, and training up to date, but they must also have defined protocols which can be deployed in case of a breach. Failure to have an up-to-date, ongoing HIPAA Compliance program can put a practice at risk of costly fines and reputational damage.

We can help you with:

HIPAA Services

Through comprehensive assessments and ongoing maintenance, we address all required safeguards and provide solutions for current privacy challenges including emerging areas such as telehealth.

Security Risk Assessment

We take the first step to ensure your organization is compliant with HIPAA’s administrative, physical, and technical safeguards by assessing current security measures and identifying vulnerabilities.

Actionable Risk Management Plan

Remediating the risks identified in the assessment is next. We also work with you on implementation to ensure ongoing compliance.

Site-Specific Policies & Procedures, and Form Development

We create customized documentation to reflect your operational workflows with defined parameters for HIPAA compliance.

Site-Specific Training

Successful compliance relies on the actions of everyone. We design custom online trainings to keep your employees updated on regulations and practiced in avoiding phishing and other scams.

EMR Optimization

Creating a single source for patient data goes beyond compliance, bringing efficiencies, accuracy, and ease-of-use.

Breach Determination & Notification Process

HIPAA incidents are inevitable. When they occur we save you time and money by helping to determine what’s reportable and ensuring the correct reporting process is followed.

Audits of Compliance Maintenance

Data collection and analysis of your current processes and information systems is key to identifying opportunities for improvement and for continuity of compliance.

Assisting with HHS Office of Civil Rights Desk Audits

Once a breach is reported, the Office of Civil Rights may seek additional information to see how well your organization has been maintaining its HIPAA Compliance. We navigate this process with you.

HIPAA Assessments

We conduct physical and remote audits of your practice and assess its conformance to HIPAA security and data privacy requirements for administrative, physical, and electronic data. Since failure to comply can result in fines of up to $1.5M, our audit results can help you get ahead of potential risk.

As part of this, we determine what PHI your office holds on each patient and the security measures you have in place to protect that information. We also uncover any potential security roadblocks and predict the likelihood of a threat. We follow this up by giving you a documented Security Risk Assessment.

HIPAA Manuals

Once we’ve assessed where you are and where you need to be for HIPAA compliance, we’ll help you create the documented security risk and policy and procedure framework that outlines the workflow, protocols and processes to help you meet government requirements. And, as regulations continue to be updated given the rise of telehealth and other new healthcare models, we securely update, share and store these electronic manuals and associated documentation in our custom Regulatory Compliance Management System.

Also included in the HIPAA Compliance manual are sample forms and protocols for the distribution of Notice of Privacy Practices.

HIPAA Training

HIPAA Compliance Certification is an administrative requirement and the cost of noncertification is too difficult to ignore. Effectively implementing workflows and protocols for HIPAA compliance requires that all employees understand the rules of HIPAA and what is required of the practice. HCN offers custom training programs – either in-person or virtually – specifically designed for your practice and appropriate to the role of each employee, to keep your staff updated on your HIPAA action plan, breach notification procedures, as well as emerging cybersecurity and data privacy threats and how to identify and mitigate them.

The courses are conducted using HCN’s advanced Learning Management System and are customized to reflect your organization’s HIPAA hierarchy.

There are four categories used for the penalty structure for HIPAA violations:

  • Category 1: A violation that was not known and could not have been discovered with reasonable diligence.
  • Category 2: A violation that had reasonable cause, but not due to willful neglect.
  • Category 3: A violation due to willful neglect, but corrective action was taken.
  • Category 4: A violation due to willful neglect, where no attempt was made to correct the violation.

Each category of violation carries a separate fine.

  • Category 1: $100-$50,000 per violation, capped at $25,000 per year the issue persisted
  • Category 2: $1,000-$50,000 per violation, capped at $100,000 per year the issue persisted
  • Category 3: $10,000-$50,000 per violation, capped at $250,000 per year the issue persisted
  • Category 4: $50,000 per violation, capped at $1.5 million per year the issue persisted

The fines are issued per violation category, per year that the violation was allowed to persist. The maximum fine per violation category, per year, is $1,500,000.

Bottom line: Your healthcare organization will never be 100% HIPAA compliant, but as long as there is an ongoing effort to audit, implement, train, document and maintain, the ‘willful neglect’ label can be avoided.

Recent HIPAA News

HIPAA Regulation Updates

Will 2023 Finally Usher in the New HIPAA Regulations?

Back on December 10, 2020, the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued the Notice of Proposed Rulemaking (NPRM) with proposed changes to the Privacy Rule. The proposed modifications support individuals’ engagement in their...

Too Much of a Good Thing?

Let’s face it, running a healthcare business without some type of third-party assistance is difficult. Lawyers, accountants, IT providers, billing services all help to make the day-to-day operations of medical practices possible. But those services and others pose a...