HIPAA Compliance Assessment

Despite abundant regulation, healthcare organizations continue to fall prey to malicious hackers and negligent insiders. In 2010 alone, 182 healthcare security breaches reported to the Privacy Rights Clearinghouse exposed 2.8 million records of patients, staff and employees. Data breaches have far-reaching impacts, and in 2010 cost the average U.S. organization $7.2 million per breach in terms of remediation, notification and customer churn, according to the Ponemon Institute. In the first month of 2011, a Health Net security breach exposed almost two million personal records, and could ultimately cost that organization as much as $655 million in notification, remediation, and churn.

There is absolutely no reason to accept these risks. Every organization is vulnerable—but the smart ones want to understand exactly where they are vulnerable and what actions they can take to mitigate those vulnerabilities, and thereby ensure that sensitive data assets remain safeguarded from the rising tide of cybercrime.

SECNAP Network Security is a trusted advisor to clients in the healthcare industry, as well as their business associates, for our ability to effectively address their evolving security and privacy needs. By leveraging our comprehensive suite of assessment services, CIOs, CISOs, compliance officers and IT directors have been able to dramatically reduce vulnerabilities, enhance the protection of sensitive data, and substantially improve their organizations’ compliance positions.

Tools, Skills, and Resources

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires healthcare providers to establish administrative, technological, and physical safeguards to ensure the confidentiality and integrity of Protected Health Information (PHI).
By enlisting third-party assistance, healthcare providers ensure that experienced, objective experts are engaged appropriately, while enabling in-house IT and audit staff to remain focused on core business demands. Our certified security auditors leverage a complete audit tool kit, in tandem with extensive experience in assessing compliance, to ensure that every client receives thorough, actionable information. Audit tools may include automated testing and network and wireless scans, as well as personnel interviews, phone and email solicitations, policy reviews, procedural and process evaluations, and in-depth analyses.

The HIPAA compliance-preparedness review is an ideal strategy for healthcare providers who may lack the internal resources to evaluate their compliance gaps, or who want an objective, expert view as to what changes might be required to become HIPAA compliant.

What You'll Gain with this Assessment

Key HIPAA requirements include identifying and assessing security risks, planning and implementing security solutions to protect sensitive information, and establishing measures to monitor and manage security systems. Section 1173 cites security standards for health information and outlines high-level privacy and security requirements. The HIPAA review will:
Assessing HIPAA Compliance Preparedness

Combined with an overall IT Security Assessment, the HIPAA Assessment is a vital tool in gauging compliance-readiness. This review of information flows, policies and practices provides a framework for understanding the scope of remediation required for compliance in terms of Administrative, Technological and Physical Safeguards. For a listing of specific review activities, please download the PDF at top right.

Deliverables

Upon completion of this assessment, deliverables include a Detailed Report (draft and final), Executive Summary, and supporting data such as scan results. Together, these provide a complete picture of current vulnerabilities, and the actions recommended to address them to bring your security program up-to-date and into compliance.

"SECNAP is always responsive to our needs, and their senior management is readily available to discuss any service and support concerns. They take the toil out of network security management so that we can focus our energy on critical business."
Jim Voros, Director of IT Operations, Greenwich Associates