HHS published a final Security Rule in February 2003. This Rule sets national standards for protecting the confidentiality, integrity, and availability of electronic protected health information. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006 for small health plans).
What is required of you?
The Security Management Process standard in the Security Rule requires organizations to “implement policies and procedures to prevent, detect, contain, and correct security violations.” (45 C.F.R. § 164.308(a)(1).) Risk analysis is one of four required implementation specifications that provide instructions to implement the Security Management Process standard. Section 164.308(a)(1)(ii)(A) states:
RISK ANALYSIS (Required).
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization].
How can Ariento help?
Ariento can help in one of two ways:
- Consulting - We conduct a 4-6 week risk analysis of your business against the HIPAA Security Rule framework. You receive a report card that lists each required HIPAA control with a compliance determination for that control. For each area of non-compliance, we provide actionable remediation recommendations, and we can also help implement them.
- Managed Services - We become your HIPAA-compliant outsourced IT shop, bringing you into compliance now and keeping you there as the regulations change. We also conduct an annual risk analysis of your business against the HIPAA Security Rule framework, giving you a documented record of compliance year over year.