Through comprehensive assessments and ongoing maintenance, we address all required safeguards and provide solutions for current privacy challenges including emerging areas such as telehealth.
Security Risk Assessment
We take the first step to ensure your organization is compliant with HIPAA’s administrative, physical, and technical safeguards by assessing current security measures and identifying vulnerabilities.
Actionable Risk Management Plan
Remediating the risks identified in the assessment is next. We also work with you on implementation to ensure ongoing compliance.
Site-Specific Policies & Procedures, and Form Development
We create customized documentation to reflect your operational workflows with defined parameters for HIPAA compliance.
Successful compliance relies on the actions of everyone. We design custom online trainings to keep your employees updated on regulations and practiced in avoiding phishing and other scams.
Creating a single source for patient data goes beyond compliance, bringing efficiencies, accuracy, and ease-of-use.
Breach Determination & Notification Process
HIPAA incidents are inevitable. When they occur we save you time and money by helping to determine what’s reportable and ensuring the correct reporting process is followed.
Audits of Compliance Maintenance
Data collection and analysis of your current processes and information systems is key to identifying opportunities for improvement and for continuity of compliance.
Assisting with HHS Office of Civil Rights Desk Audits
Once a breach is reported, the Office of Civil Rights may seek additional information to see how well your organization has been maintaining its HIPAA Compliance. We navigate this process with you.
We conduct physical and remote audits of your practice and assess your healthcare conformance to HIPAA security and data privacy requirements for administrative, physical and electronic data. Since failure to comply can result in fines up to $1.5M, our audit results can help you get ahead of potential risk.
As part of this, we determine what PHI your office holds on each patient and the security measures you have in place to protect that information. We also uncover any potential security roadblocks and predict the likelihood of a threat. We follow this up by giving you a documented Security Risk Assessment.
Once we’ve assessed where you are and where you need to be for HIPAA compliance, we’ll help you create the documented security risk and policy and procedure framework that outlines the workflow, protocols and processes to help you meet government requirements. And, as regulations continue to be updated given the rise of telehealth and other new healthcare models, we securely update, share and store these electronic manuals and associated documentation in our custom Regulatory Compliance Management System.
Also included in the HIPAA Compliance manual are sample forms and protocols for the distribution of Notice of Privacy Practices.
HIPAA Compliance Certification is an administrative requirement and the cost of noncertification is too difficult to ignore. Effectively implementing workflows and protocols for HIPAA compliance requires that all employees understand the rules of HIPAA and what is required of the practice. HCN offers custom training programs – either in-person or virtually – specifically designed for your practice and appropriate to the role of each employee, to keep your staff updated on your HIPAA action plan, breach notification procedures, as well as emerging cybersecurity and data privacy threats and how to identify and mitigate them.
The courses are conducted using HCN’s advanced Learning Management System and are customized to reflect your organization’s HIPAA hierarchy.
There are four categories used for the penalty structure for HIPAA violations:
- Category 1: A violation that was not known and could not have been discovered with reasonable diligence.
- Category 2: A violation that had reasonable cause, but not due to willful neglect.
- Category 3: A violation due to willful neglect, but corrective action was taken.
- Category 4: A violation due to willful neglect, where no attempt was made to correct the violation.
Each category of violation carries a separate fine.
- Category 1: $100-$50,000 per violation, capped at $25,000 per year the issue persisted
- Category 2: $1,000-$50,000 per violation, capped at $100,000 per year the issue persisted
- Category 3: $10,000-$50,000 per violation, capped at $250,000 per year the issue persisted
- Category 4: $50,000 per violation, capped at $1.5 million per year the issue persisted
The fines are issued per violation category, per year that the violation was allowed to persist. The maximum fine per violation category, per year, is $1,500,000.
Bottomline: Your healthcare organization will never be 100% HIPAA compliant, but as along as there is an ongoing effort to audit, implement, train, document and maintain, the ‘willful neglect’ label can be avoided.
Recent HIPAA News
Let’s face it, running a healthcare business without some type of third-party assistance is difficult. Lawyers, accountants, IT providers, billing services all help to make the day-to-day operations of medical practices possible. But those services and others pose a...
The exchange or release of health information is essential to the provision of high quality and cost-effective health care. The information released should be within the scope of the request, complete based on the nature of the request and submitted timely. This...