HIPAA Consulting Overview
We provide HIPAA consulting and implementation support. This includes identification and assessment of EPHI in the network, risk assessment, vulnerability assessment, detail recommendations, policy/documentation support, gap implementation tracking, training, coaching data protection officers, internal audit, and management review leading to successful HIPAA compliance,
What is the approach for successful implementation?
There are primarily five phases, and in each phase there can be several sub-phases:
Phase I – Scope determination
that part of the organisation/network which needs to be covered which needs control prioritization.
Phase II – Asset identification/Risk Assessment/Gap Analysis
risk assessment is key to determine the scope of infrastructure and the requirement for controls. This phase results in identification of each gap.
Phase III - Implementation
through definition of policy/procedure/documentation and relevant people/process/technology records.
Phase IV – Internal Audit
is the process of verifying successful implementation, on one hand, and the inclusion of security principle in business lifecycle on the other.
Phase V – HIPAA certification
Total duration of each milestone can vary depending upon the complexity of the organisation. Talk or write to us at firstname.lastname@example.org to know how we can take you through a successful journey.
HIPAA Rule covers the following key areas
- Security Management Process
- Assigned Security Responsibility
- Workforce Security
- Information Access Management
- Security Awareness and Training
- Security Incident Procedures
- Contingency Plan
- Business Associate Contracts and Other Arrangements
- Facility Access Controls
- Workstation Use
- Workstation Security
- Device and Media Controls
- Access Control
- Audit Controls
- Person or Entity Authentication
- Transmission Security
- Business Associate Contracts or Other Arrangements
- Requirements for Group Health Plans
Policies and Procedures and Documentation Requirements