PSC provides a comprehensive assessment process for any organization that is subject to HIPAA regulations. PSC will provide guidance for the organization to determine their applicability to the standard as a “covered entity” and to make sure that organizations are implementing the correct and effective controls for HIPAA compliance, including administrative, physical and technical controls.
The requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) address the use and disclosure of individuals’ health information (called “protected health information”) by organizations.
The primary goal of HIPAA is pursued through use and disclosure procedures put in place to protect individuals’ health information, ensuring confidentiality and accuracy through proper handling of data and implementation of audit controls.
Given that the health care industry is diverse and many organizations may be subject to HIPAA due to the payments they process or the entities with which they exchange information, it is vital to be assessed by an independent third party.
PSC will provide guidance for the organization to determine its applicability to the standard as a “covered entity” and to make sure that the organization is implementing the correct and effective controls for HIPAA compliance. These include:
- Administrative Controls – policies and procedures designed to clearly show how the entity will comply with HIPAA, including privacy controls; management oversight; access controls; employee management; training; vendor management; contingency plans; backups of data; internal audits and incident response.
- Physical Safeguards – controlling physical access to protect against inappropriate access to protected data, including hardware and software controls; physical access controls; authorization for access; maintenance procedures; visitor controls and vendors.
- Technical Safeguards – controlled access to computer systems and secure communication of PHI when it is transmitted electronically, including intrusion detection and prevention; data integrity controls; message authentication; password management; non-repudiation controls; telecom security; configuration management and technical risk analysis.
PSC will provide a comprehensive gap analysis report for HIPAA compliance; assistance in the creation and implementation of any missing documents; assistance with remediation as required; and a final report detailing the entity’s HIPAA compliance status.
Please contact us for more information.