TBG Security: Information Security Consulting
HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is complex but important legislation. It mandates that patient data be stored securely, that access to the data be controlled and monitored, and that healthcare organizations have the policies, procedures and systems needed to ensure compliance.

The compliance challenge is even greater today, as many organizations face multiple regulations including PCI and SOX, and the promises of “compliance in a box” solutions fall far short of delivering genuine security improvements. The reality is that log management and forensic analysis alone are simply not enough. What’s needed is a proactive approach to network defense and to insider abuse that won’t strain existing IT resources.

The Scope of HIPAA’s Privacy and Security Requirements Has Expanded

On February 17, 2009, President Barack Obama signed the American Recovery and Reinvestment Act of 2009 (the “ARRA”), commonly referred to as the federal stimulus bill. The ARRA contains several provisions — intended to promote the use of health information technology — that significantly expand the scope of the privacy and security requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). These changes, summarized below, include:

  • Direct, statutory liability for business associates for violations of HIPAA’s privacy and security requirements;
  • New notification obligations for covered entities, business associates and other organizations in case of a breach of the use and disclosure requirements for personal health information (PHI) or personal health records (PHR);
  • Additional rights for individuals regarding their PHI, particularly PHI contained in electronic health records;
  • Additional restrictions on certain disclosures by covered entities and business associates;
  • Increased civil penalties and expanded criminal liability for violations;
  • Mandatory compliance audits by the Department of Health and Human Services (the “Department”);
  • An expansion of entities required to have business associate agreements; and
  • Additional restrictions on marketing communications.

How TBG Security Can Help

TBG Security has substantial expertise in the core components stipulated within the HIPAA legislation, and many of our consultants have been involved with national standards committees such as ANSI X12, HL7, WEDI, AFEHCT, NCPDP, and the Private Sector Technology Advisory Group (PSTAG).

Although many vendors offer services to companies seeking compliance and auditing solutions, few providers match TBG’s expertise, intelligence-gathering capabilities, commitment to open standards, or role as trusted advisor. TBG leverages regulatory knowledge, training, and experience; best-of-breed solutions; a global network of proven technology; and its history of stability and trust to deliver solutions that are not only effective, but also make the best use of existing in-house personnel, technology, and processes.

Flexible Compliance Services To Meet Your Needs

Working as either a full-service consultant or as an adjunct to your in-house business and security team, TBG will execute a three-phase compliance readiness process to ensure that your business meets or exceeds its compliance requirements. Following the readiness process, we’ll work with your team to assist in meeting the certification requirements. Once the certification process is complete, TBG is prepared to offer ongoing services to assist your business in maintaining compliance readiness as requirements or regulations change and/or new vulnerabilities are detected.

For more information on how TBG Security can help your organization reach HIPAA compliance, contact us by email or call us directly at 877.233.6651 ext 704.