HIPAA Compliance

In recent years the HHS Office for Civil Rights has increased its HIPAA audits and fines targeting covered entities ranging from small offices to very large institutions. In addition to fines and settlements in the tens of millions of dollars, the federal government is pursuing criminal prosecution at every level, including low level employees, management and physicians.

CompliancyGuard is a web based solution designed by auditors. Used by covered entities and business associates to quickly and cost-effectively Achieve, Illustrate, and Maintain HIPAA, HITECH, and Omnibus Compliance.

Conducting an adequate risk analysis is an essential part of the Omnibus rule. In case of a data breach, the Office for Civil Rights will seek evidence that an adequate risk analysis was conducted.

The following are five of the most important categories under the HIPAA/HITECH Omnibus rules:

1. Business Associate Accountability: HIPAA Compliance is extremely important, as the new rule expands how “business associates”, are defined. Any business that sends or regularly access patient data is considered a business associate. Business associates includes health IT companies, personal health records vendors, e-prescribing gateways or any one that transmits or gather patient data.
2. Patient Access: The rule also stipulates that patients must have access to their medical records in their preferred electronic format regardless of any added security risk. In this case, providers are only obligated to inform the patients of the increased risk. Documenting such interactions with the patients is essential in safeguarding the provider, mitigating the provider’s liability and ensuring HIPAA Compliance.
3. Marketing Partners: Providers must obtain permission from each patient before partnering with third-party service for marketing purposes. This rule includes third-parties that wish to sell to the patient or simply collect payment.
4. Protected Data for the Deceased: Providers can release health care data regarding a deceased person to family members, close friends, or others that the patient indicated was involved in their care or payment of care.

The benefits of utilizing the CompliancyGuard service include:

1. Self Auditing, Gap Identification, and Remediation Plans
2. Privacy and Security Risk Assessments
3. Incident Management
4. Business Associate Management
5. Document and Version Control
6. Cloud Based
7. Training and Attestation Tracking
8. HIPAA Coaches
9. HIPAA Hotline
10. ​PCI Audit

Whether a single practice or a large multi-facility entity, CompliancyGuard is a HIPAA compliance-tracking solution providing Security and Privacy Audits, reporting, and document management including Policy & Procedures for all HIPAA compliance, HITECH, and Omnibus regulations.

Achieving HIPAA Compliance will ensure peace of mind to providers and their patients. To learn more about our HIPAA Compliance service, CompliancyGuard, please fill out the contact form below or call us at (800) 996-0975.​