Is your Midwest medical practice and technology HIPAA compliant?
If your answer is "No!", "I don't know!" or, worse, "I don't care!", your practice is at GREAT risk. That risk could put you out of business if the OCR finds that you were negligent in your HIPAA compliance efforts.
We Are Service is the only IT managed service provider in the Midwest that specializes in delivering easy-to-manage HIPAA compliance solutions and technology services specifically for medical practices of all sizes. Our fast, friendly and reliable team has more than forty years of experience in making technology and HIPAA simple for our clients. Call us today for your free consultation!
HIPAA compliance requires:
- Detailed annual risk assessments to be performed and documented
- Annual HIPAA Security, Privacy, and compliance testing for all staff
- Encrypted email
- HIPAA Security Policies and Procedures
Can you provide proof of the items listed above? If your answer is "No", then you are not complying with the HIPAA law and need to call us today!
The Health Insurance Portability and Accountability Act (HIPAA) was enacted to protect the privacy and security of patient information. It is the responsibility of doctors and healthcare organizations to implement safeguards that ensure patient information is properly protected.
We Are Service LLC has put together a HIPAA Security Service that helps healthcare organizations identify and implement the proper safeguards to protect patient data and to comply with the HIPAA regulations. The HIPAA Security Service consists of the following:
- Creation of 18 custom HIPAA Security Policies and Procedures
- A Detailed HIPAA Security Risk Assessment
- Online training covering Security and Privacy, and compliance testing for all employees
- Access to the HIPAA Compliance Portal (12 months)
We Are Service, LLC is providing HIPAA compliance services to practices that need help. Our proven process has been used to perform over 2,000 Security Risk Analyses – most for practices just like yours. We Are Service, LLC is a leading provider in HIPAA compliance services for small and mid-size practices. We would like to set up an appointment for you to speak to We Are Service, LLC about your current state of HIPAA compliance. There is no cost, other than a few minutes of your time. Other companies would charge hundreds of dollars just to speak to you on the phone about HIPAA. Please get back to me regarding some date/time(s) that we can set up a call.
As your trusted advisor, We Are Service, LLC wants to make sure you are properly complying with HIPAA rules and regulations. While we do provide you with HIPAA compliant technology, compliance extends beyond technology. We have found that most practices either think they are HIPAA compliant and are not, or are simply ignoring the regulations. This is too big of a risk to take. We would like to look at your current state of HIPAA compliance to make sure you are in good standing. A key part of being HIPAA compliant is to have a Security Risk Analysis performed. However, an SRA should be performed by an expert. This is not our recommendation – this is according to CMS. CMS states: “It is possible for small practices to do risk analysis themselves using self-help tools. However, doing a thorough and professional risk analysis that will stand up to a compliance review will require expert knowledge that could be obtained through services of an experienced outside professional.”
What Should a HIPAA Risk Assessment Consist Of?
Throughout the HIPAA regulations, there is a lack of guidance about what a HIPAA risk assessment should consist of. OCR explains the failure to provide a “specific risk analysis methodology” is due to Covered Entities and Business Associates being of different sizes, capabilities and complexity. However, OCR does provide guidance on the objectives of a HIPAA risk assessment:
- Identify the PHI that your organization creates, receives, stores and transmits – including PHI shared with consultants, vendors and Business Associates.
- Identify the human, natural and environmental threats to the integrity of PHI – human threats including those which are both intentional and unintentional.
- Assess what measures are in place to protect against threats to the integrity of PHI, and the likelihood of a “reasonably anticipated” breach occurring.
- Determine the potential impact of a PHI breach and assign each potential occurrence a risk level based on the average of the assigned likelihood and impact levels.
- Document the findings and implement measures, procedures and policies where necessary to tick the boxes on the HIPAA compliance checklist and ensure HIPAA compliance.
- The HIPAA risk assessment, the rationale for the measures, procedures and policies subsequently implemented, and all policy documents must be kept for a minimum of six years.
As mentioned above, a HIPAA risk assessment is not a one-time requirement, but a regular task necessary to ensure continued compliance. The HIPAA risk assessment and an analysis of its findings will help organizations to comply with many other areas on our HIPAA compliance checklist, and should be reviewed regularly when changes to the workforce, work practices or technology occur.
Depending on the size, capability and complexity of a Covered Entity, compiling a fully comprehensive HIPAA risk assessment can be an extremely long-winded task. There are various online tools that can help organizations with the compilation of a HIPAA risk assessment, although, due to the lack of a “specific risk analysis methodology”, there is no “one-size-fits-all” solution.