Take control of HIPAA compliance with TrustArc technology and services
The Health Insurance Portability and Accountability Act (HIPAA), was passed in 1996 and has become the foundational data protection standard in the U.S. for the healthcare industry. HIPAA does not apply to all healthcare entities but it does apply to:
- Covered entities – Health plans, health care clearinghouses (i.e., billing services) and any health care providers that engage in electronic payment for healthcare
- Business associates – Vendors to covered entities that have access to protected health information – PHI (e.g., law firms, software providers, etc.)
Fines for violating HIPAA are severe – from $100 to $50,000 per violation with a maximum penalty of $1.5 million per year for each violation.
Achieving, maintaining and demonstrating compliance with HIPAA means companies must implement HIPAA’s administrative, physical and technical safeguards, exercise heightened diligence over vendors where they share PHI and meet the HIPAA breach notification requirements. TrustArc suggests the following to comply with HIPAA:
- Assess your business – Determine if HIPAA applies to your business; conduct a gap analysis against HIPAA requirements; determine cross-compliance overlap; and map processes to determine the scope and reach of HIPAA to business activities, data, systems/applications and vendors.
- Implement HIPAA compliance – Develop or enhance policies to comply with HIPAA; build a successful vendor management program; implement individual rights mechanisms; and develop a privacy impact assessment.
- Maintain compliance – Perform a thorough annual risk assessment and maintain ongoing compliance activities (i.e., policy updates, employee training, vendor assessments, etc.).
TrustArc can help with all these key areas of HIPAA assessments. TrustArc has extensive experience working with companies in the healthcare field including both covered entities and business associates. We assist companies throughout the lifecycle of HIPAA compliance from immediate needs such as determining if HIPAA applies to a business, initial risk assessments and employee training, to long-term needs such as vendor management, data inventory and PIAs. We can also partner with companies on corrective action plans under regulatory oversight.
Our HIPAA assessment methodology is automated through the TrustArc Privacy Platform. The TrustArc Privacy Platform provides a comprehensive solution to manage your privacy program. The platform includes a centralized dashboard with privacy compliance KPIs, a regulatory news and privacy insights feed and the ability to monitor risk and program maturity level. The platform and each of its modules are integrated and scalable, so they work together from the start and grow with you as your company needs change. As a SaaS solution, it’s easy to implement and easy to support.