
HIPAA Compliance

Any covered entity (health plan, healthcare clearinghouse or healthcare provider) that stores, processes or transmits protected health information (PHI) is required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and safeguard that data, and since the HITECH Act the same obligations extend to the business associates that handle PHI on their behalf. HITECH also drove the adoption of electronic health records (EHR), extended HIPAA's security and breach notification requirements to cover them, and prescribes stiff penalties for organizations that fail to protect them. At Cybernetic Global Intelligence our goal is to simplify compliance for healthcare companies and guide them through the process so they are compliant and protected from liability.

HIPAA Components

HIPAA has three components related to data protection: the Security Rule, the Privacy Rule and the Breach Notification Rule. All three are encompassed by the overarching Omnibus Rule, which took effect in 2013 and, for the first time, made business associates directly liable for compliance rather than only the covered entities that contract them.

1. Security Rule

This rule dictates the administrative, physical and technical safeguards needed to secure electronic protected health information (ePHI) that an organization creates, receives, maintains or transmits. Among the requirements: covered entities and business associates must conduct and document risk assessments, and must implement controls that protect against unauthorized access to ePHI.

2. Privacy Rule

This rule institutes safeguards for the handling of protected health information in any format: oral, written or electronic. Broadly, it limits how patient information may be used or disclosed without the patient's authorization and spells out the rights patients have over their data, such as the right to access and correct their records.

3. Breach Notification Rule

This rule requires HIPAA-covered entities, in the event of a breach of unsecured PHI, to notify affected individuals, the Secretary of the U.S. Department of Health and Human Services (HHS) and, for larger breaches, prominent media outlets. Business associates must notify the covered entity of any breach they discover so that those notifications can be made. The only exception is when a documented risk assessment demonstrates a low probability that the PHI has been compromised.


Penalties

People expect healthcare organizations to keep their protected health information confidential and safe from data breaches and other misuse. Healthcare organizations also have a strong self-interest in compliance, because penalties for violating HIPAA / HITECH can be substantial. In cases of "willful neglect," a HITECH penalty starts at $50,000 per violation, up to a total of $1.5 million for violations of the same provision in a calendar year. A breach also brings other costs: discovery and containment, investigation of the incident, remediation, attorney and legal fees, loss of customer confidence, lost sales and revenue, brand degradation, and so on. Compliance is a serious responsibility on many levels.

Why Do You Need an Independent Assessor?

Your organization's compliance program should address two issues: (1) selecting and deploying security controls that meet HIPAA / HITECH requirements, and (2) providing a way to regularly audit the status of those controls to ensure continuous protection of PHI and EHR, and ongoing compliance. Providing an independent assessor with audit-quality documentation of these steps and your security measures simplifies compliance audits.

  • Reduce liability and avoid fines and follow-on expenses such as remediation and legal fees.

  • Identify the gaps in your security program that do not meet HIPAA requirements.

  • Get a simplified yet comprehensive path to achieving and maintaining HIPAA compliance.


Would you like more information about our HIPAA Compliance Services?

Fill out the form below and one of our representatives will get back to you shortly. Or simply call us on 1300 292 376.

*We guarantee 100% privacy. Your information will not be shared.