Developing a Plan for Ongoing HIPAA Compliance
Is your organization a U.S. health plan, healthcare clearinghouse or health care provider (or a third-party servicer to one of them)? Whether you have just become subject to the Health Insurance Portability and Accountability Act, popularly known as HIPAA, or have been subject to it for a while, you know that HIPAA compliance can be very challenging.
Compliance usually involves meeting the requirements of the HIPAA Privacy Rule and HIPAA Security Rule, which are designed to protect patients’ Protected Health Information (“PHI”). And this is an ongoing challenge – HIPAA requires that organizations subject to the HIPAA Security Rule must “regularly” (e.g., at least annually) review the administrative, physical and technical safeguards they have in place to protect the security of the PHI they use or disclose, or be subject to regulatory penalties. While identifying HIPAA risks and translating those risks into practical tasks is a key part of the battle in HIPAA compliance, it also is important to create an audit trail as to how you address remediation items. TrustArc has an offering to help in this regard – the TrustArc HIPAA Assessment.
TrustArc HIPAA Assessment
The TrustArc privacy consulting team has decades of combined compliance experience in the healthcare industry. Our team has worked with numerous medical device, pharmaceutical, clinical research and other healthcare companies supporting their compliance activities under HIPAA. Our HIPAA compliance assessment methodology is automated through the use of two modules of the TrustArc technology platform – Assessment Manager and Data Inventory Hub.
3-Step HIPAA Compliance Review Methodology
Our proven three-step methodology is a fast and effective way to assess your current HIPAA privacy position, develop a roadmap to get to where you want to be and create an audit record of your efforts.
Through interviews and document reviews, we gain an understanding of your organizational structure – only parts of your business may be subject to HIPAA. We also examine your PHI data inventory and mapping, your HIPAA compliance methodology and tools currently in place and other relevant factors. We then identify areas of HIPAA compliance risk requiring further examination. The Organizational Survey provides a summary of this discovery process.
Based on the findings in the Organizational Survey, our consultants drill down more deeply into your business processes in order to map them against the requirements of the Privacy Rule and Security Rule. We then provide a benchmarking of your organization to assess your HIPAA compliance standing. The Benchmarking Report provides a summary of your current HIPAA compliance posture as compared to the desired HIPAA compliance position.
Working with your compliance, IT, legal and other personnel, we construct a HIPAA Action Plan with immediate steps and a long-term roadmap for advancing the HIPAA compliance program to the desired compliance state and maintaining a compliant program thereafter. Our deliverables can become a key part of a due diligence record of your HIPAA compliance efforts for presentation to your Board of Directors and for recording ongoing updates.