Information Technology Risk and Compliance Services
For over 15 years, HIPAA has been regulating ePHI (electronic protected health information) in use at healthcare providers, insurance plans, and medical clearinghouses.
In 2009, the HITECH Act extended the reach of the laws. With the passing of the final HIPAA Omnibus Rule of 2012, compliance is required for these covered entities and their vendors (business associates). A failure to comply can lead to criminal and civil penalties for covered entities and business associates.
IT Risk Assessments
The first step to HIPAA Security is the IT Risk Assessment.
- Governance, Risk, and Compliance Tool Implementation Assistance
- HIPAA Security, Privacy, and Breach Policy Implementation Assistance
- Development of IT Security Policies and Procedures
- Development of IT Continuity and Disaster Recovery Plans
- Ongoing IT Security Monitoring
- Payment Card Industry (PCI) Assessments