The Health Insurance Portability and Accountability Act (HIPAA) was enacted by US Congress in 1996, designed to safeguard Protected Health Information that exists in an electronic form, otherwise known as ePHI. Enforced by the Office of Civil Rights (OCR), HIPAA regulations cover both the security and privacy of protected health information.
HIPAA applies to healthcare providers, healthcare plans, clearinghouses, as well as contractors who act on behalf of healthcare organizations, where ePHI is involved. According to the OCR, 90% of all entities reviewed in the first round of audits fell short of compliance. Failure to comply with HIPAA can result in civil and criminal penalties.
No two healthcare organizations are exactly alike, and the HIPAA security safeguards can be challenging to apply and open to interpretation.
Herjavec Group’s expertise and leadership in comprehensive security services can help you achieve compliance without sacrificing your business objectives.
Why Herjavec Group?
- We offer a hands-on, flexible approach, tailored to meet your organization’s uniqueness and requirements.
- We are a global organization with expert knowledge of multinational regulations and industry directives.
- From identity and access management to incident response, we have expertise and leadership in comprehensive security services to support your complete IT Security lifecycle.
- We bring decades of assessment experience and a keen understanding of specific technologies deployed in your environment.
Herjavec Group recommends that all organizations under HIPAA jurisdiction undergo an initial Privacy Impact Assessment. While performing this assessment we adhere to the NIST SP 800 and ISO 27002 frameworks to validate weaknesses that may be exploitable, leaving sensitive data or ePHI at risk.
We meet with your organization’s stakeholders to identify how your organization protects personal and/or personal health information as it is collected, used, disclosed, stored and ultimately destroyed. These assessments may extend beyond healthcare providers to include third party contractors or business associates.
After the initial assessment and discovery phase, we deliver a detailed report including the risks identified and a roadmap to achieve compliance.
We work with you to develop a step-by-step action plan. We provide supporting documentation to ensure you can demonstrate your efforts if an audit occurs.
- Executive summary with insight into your current compliance posture and potential risks
- Security gap analysis prioritized according to impact on HIPAA compliance
- Detailed roadmap and action plan for obtaining compliance, including conceivable shortfalls and a potential cost/benefit analysis
- Customized presentation and executive briefing to ensure accurate knowledge transfer
Following the initial HIPAA assessment, used to address immediate and unique needs, Herjavec Group offers additional technical expertise and support in order to maintain continuous compliance and advance your security posture moving forward: