Healthcare (HIPAA) Compliance Services


The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was signed into law by President Clinton on August 21, 1996. The objectives of HIPAA are to:

  • Improve the efficiency and effectiveness of healthcare through standardization of all shared electronic information

  • Protect the privacy and security of patient information stored and exchanged electronically

  • Reduce the cost of exchanging information among healthcare partners

HIPAA legislation will restructure the way health data is captured, transmitted, stored, secured and managed. It will affect how healthcare organizations do business and how patients receive care.

Several factors are driving healthcare organizations to implement secure information technology solutions:

  • Compliance with legislation: HIPAA (USA) and C6 (Canada)

  • The industry lags in capitalizing on efficiencies achieved from the implementation of enterprise information systems

  • Industry is slowly mobilizing towards the electronic medical/patient record

  • The future of point-of-care systems is wireless

Secure20 understands the challenges healthcare organizations face in complying with HIPAA regulations. We have the essential expertise in analysis, design, implementation, deployment, optimization and post-implementation analysis to help your organization meet these challenges. Our services address all aspects of HIPAA compliance, including security, privacy, code sets, identifiers, and Electronic Data Interchange (EDI).

Secure20’s HIPAA Compliance Process

Secure20’s approach to HIPAA compliance is both comprehensive and flexible. We bring value to this process by ensuring compliance without unnecessary cost, delay or disruption, and by creating an infrastructure that will be the catalyst for achieving sustained competitive advantage. Furthermore, Secure20 will position your infrastructure to help your organization take advantage of any e-business or e-health opportunities.

Secure20’s principal service offering for healthcare organizations interested in assistance with HIPAA compliance is the HIPAA Impact Assessment, which has three components:

  • Comprehensive security audit

  • Assessment of all privacy policies and procedures

  • Assessment of information systems & EDI interfaces for standard transactions, identifiers and content

The deliverables of the HIPAA Impact Assessment are:

  • Gap analysis report detailing the extent to which business areas and infrastructure already comply and estimating the amount of effort and expenditure necessary to achieve compliance

  • Impact assessment report to identify the scope of impact on each business unit

  • Risk analysis with recommendations for each finding

  • High-level project plan to map initiatives necessary to meet HIPAA compliance

  • Summary of Secure20’s Strategic Implementation Planning process

Why Perform an Impact Assessment?

  • Short time frame for Compliance

  • Compliance Penalties

Broad scope

  • HIPAA will impact all functions, processes and systems that store, handle or generate health information

Potential impact

  • Healthcare organizations will need to rethink the manner in which they protect the security and privacy of patients and consumers

  • HIPAA is mandating a standard format for the most common transactions between healthcare organizations

  • Many organizations will need to replace or substantially change their current systems and processes to comply

Strategic issues

  • HIPAA electronic standards and security requirements will become key enablers to e-business and e-health initiatives

When Should the Impact Assessment be Conducted?

Status of HIPAA Component Regulations:

*Standards are required to be implemented generally within 2 years of the effective date of the final rule (effective date of the final rule is generally 60 days after publication). The effective date of the final Privacy Rule is 60 days after Congress was officially notified, which happened on Feb. 13, 2001. 

  • Secure20 recommends that healthcare organizations begin their HIPAA assessments as soon as possible.

  • Organizations that wait are going to find it difficult to find IT and business process resources to perform the remediation efforts in an already tight job market.

  • HIPAA is expected to have a larger impact than Y2K on many healthcare organizations.

  • Three quarters of healthcare organizations have not completed assessments of their current environments and risks under HIPAA, according to a recent survey by Gartner, Inc. "Without an effective delay, HCOs must aggressively begin compliance efforts within the next three months or miss the deadline and risk incurring high penalties and financial damage."

Objectives of the Impact Assessment

Provide the senior leadership of a healthcare organization with an understanding of the impact of HIPAA on their:

  • Corporate strategy and strategic initiatives

  • Business processes and organization

  • IT systems

Enable healthcare executives to:

  • Create awareness about HIPAA within their organization

  • Align their strategic initiatives with HIPAA requirements

  • Make build, buy or outsource decisions on key systems

  • Assess their internal capability to address HIPAA requirements

Contact us now to get started.