HIPAA sets out data privacy requirements for companies that gather and maintain healthcare records for patients (Protected Health Information or PHI, covering both hard copy and electronic PHI). This includes not only medical facilities, such as hospitals and clinics, but also health insurance agencies and any other company that gathers records related to an individual’s healthcare.
The HIPAA rules are vast and detailed. Without a proper understanding of the HIPAA requirements and how they may apply to your organisation, you could suffer large financial fines from the HIPAA governing body (the U.S. Department of Health & Human Services, HHS) for violating the required safeguards, even if no breach of PHI or ePHI data has occurred.
Businesses often engage an experienced, independent expert in the HIPAA regulation, its rules and requirements. This HIPAA specialist can make sure the organisation fully understands the scope and applicability of HIPAA to its business, helping it to develop a strategy and controls to protect the confidentiality, integrity, and availability of PHI.
Sysnet’s team of information security professionals includes consultants experienced in working with the HIPAA regulation and helping companies get ready for HIPAA compliance. Our consultants can walk you through the documentation and processes needed to become fully compliant with HIPAA.
Since HIPAA compliance can only be certified by the HHS Office for Civil Rights (OCR), your Sysnet consultant can take on the role of “trusted advisor” for your team. They can answer your questions about the HIPAA requirements, the level and extent of documentation needed and the practices that must be implemented to be ready for your certification audit.