Overview
  • HIPAA was initially published in 1996 to protect employees' health insurance benefits while changing employment.
  • The HIPAA Privacy and Security Rules (added in 2003 and 2005 respectively) provide for protecting personal health information.
  • Additional legislation (Breach Enforcement Rule (2006), HITECH Act (2009), Breach Notification Rule (2009) and Final Omnibus Rule (2013)) further extended the legal framework required to protect, secure and report, and expanded the scope of security obligations.
  • If your organisation is either a covered entity or a business associate, you need to be HIPAA compliant.
  • At Coral, we have successfully advised on and implemented HIPAA compliance for businesses such as insurance companies, cloud providers, software-as-a-service providers, product companies, medical service providers, and business process outsourcing companies.
  • Using a 6-step methodology, we ensure that all the applicable requirements of the law and the best practices are designed, documented, implemented and monitored, thereby ensuring you remain HIPAA compliant.

What is the approach for successful implementation?
There are primarily five phases, and in each phase there can be several sub-phases:

PHASE I - Scope Determination

The scope covers the part of the organisation/network that needs control prioritization.

PHASE II - Asset Identification/Risk Assessment/Gap Analysis

Risk assessment is key to determining the scope of infrastructure and the requirement for controls. This phase results in the identification of each gap.

PHASE III - Implementation

Implementation through definition of policy/procedure/documentation and relevant people/process/technology records.

PHASE IV - Internal Audit

Internal Audit is the process of verifying successful implementation, on one hand, and the inclusion of security principles in the business lifecycle on the other.

PHASE V - HIPAA Compliance

At this stage you can declare yourself to be HIPAA compliant.

Security Coverage

The HIPAA Rule covers the following key areas:

Administrative Safeguards
  • Security Management Process
  • Assigned Security Responsibility
  • Workforce Security
  • Information Access Management
  • Security Awareness and Training
  • Security Incident Procedures
  • Contingency Plan
  • Evaluation
  • Business Associate Contracts and Other Arrangements
Physical Safeguards
  • Facility Access Controls
  • Workstation Use
  • Workstation Security
  • Device and Media Controls
Organizational Requirements
  • Business Associate Contracts or Other Arrangements
  • Requirements for Group Health Plans
Technical Safeguards
  • Access Control
  • Audit Controls
  • Integrity
  • Person or Entity Authentication
  • Transmission Security
Training

We provide bespoke training. Our offerings are listed below.

  • Shorter Sessions from 1 hour to 4 hours
  • Interpretation of the HIPAA requirements
  • 1 Day Awareness Session
  • 2 Days Internal Audit Course
  • 3 Days Implementation Course covering 10+ hands-on exercises

Upon receiving your request, we will provide you with further details.

Documentation Toolkit

HIPAA requires documentation of policies, procedures and records. As a result of several consulting assignments, we have some of the best content available that covers all the requirements.

Our documentation has the following salient features:

  • Alignment with all HIPAA policy documentation requirements
  • Our experiences turned into documentation templates
  • Project Tracking tools to support the implementation
  • Q&A support

Internal Audit

An independent assessment helps to assess the state of compliance. Our internal audit methodology includes people, process, technology and measurements to give management assurance of the degree of HIPAA compliance. Typically it takes 3-5 days to perform a comprehensive internal audit.

Risk Assessment

HIPAA requires a comprehensive risk assessment of ePHI infrastructure that covers users, information assets, network services, policies and procedures, and breach response procedures, to name a few. We have a complete risk assessment methodology that helps you achieve and demonstrate HIPAA requirements.

Let us know if you are interested.

Program Management

Our consulting experience has helped us understand what it takes to design and maintain a successful HIPAA compliance program. The outsourcing model moves the compliance responsibility to an external team, while management focuses on customer/business delivery.
