HIPAA Compliance

We have experienced consultants who have spent time in the trenches and offer a broad array of consulting services to meet all aspects of HIPAA compliance.

HIPAA compliance is ever evolving and may seem complicated. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is broken into three primary rules; Privacy 45 CFR 164. 500, Security 45 CFR 164.302 and Breach Notification 45 CFR 164.400.

The Privacy Rule established protection for protected health information whether in paper or electronic format. The rule defines patient rights that provide some control over their own health information and establishes standards regarding access, use and disclosure.

While the Security Rule established requirements for electronic protected health information. In general, the rule outlines administrative, technical and physical safeguards that must be addressed by covered entities and business associates.

Last, but certainly not least, the Breach Notification rule established detailed standards requiring covered entities to report breaches to impacted patients.

In 2009, the HITECH Act was signed and required Business Associates to implement the security rule safeguards. Additionally, it required covered entities and business associates to notify individuals of a breach. Then, in 2013, the Omnibus Rule modified the standard for a reportable breach to make breaches presumptively reported. The rule also extended requirement to Business Associates requiring them to have a privacy and security program in place and assigned direct liability for criminal and civil penalties for uses or disclosures that violate the privacy rule.

No wonder, HIPAA seems complicated…it is!

We have experienced consults that have spent time in the trenches and offer a broad array of consulting services for healthcare organizations and business associates to meet all aspects of HIPAA compliance.

Here are some of the key components of our HIPAA Compliance Services:

Security Risk Analysis (SRA), an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information. (45 C.F.R. § 164.308(a)(1).
Proven Office for Civil Rights investigation and corrective action support services. Whether you are in the middle of an investigation or have agreement to a corrective action plan, we can provided you with support.
405 (d) Audit Services that identifies and documents your implemented security best practices.
Vendor Risk Management framework and program development.
Information Asset Criticality/Business Impact Analysis.
Virtual Privacy Officer (VPO) and Virtual Chief Information Security Officer (vCISO) services.
HIPAA Privacy, Security and Breach Notification Policy and Procedure Development.
Privacy Assessment consistent with the Office for Civil Rights desk audit protocol. We will evaluate the current state of your existing program to determine compliance and identify any gaps.
Security Assessment consistent with the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Phishing simulation.
Privacy Officer and/or Security Officer training program designed to establish foundational knowledge for new leaders.
Evaluate entire IT infrastructure security (servers, computers, laptops, firewalls, remote access, EHR/Practice Management systems, wireless access, etc.).
Vulnerability Scanning provides network visibility and helps to identify risks and vulnerability that may be exploited by threat actors.
Evaluate your business associate agreement template and process. We will also help to create a list of all business associates for tracking.
Cyber Liability Insurance guidance.

Related Industry Insights & Resources

View All Insights

Positive outcomes are possible for you and your patients.

We approach every engagement with a results-driven mindset, leveraging our deep industry expertise and data-driven insights to develop strategies that drive meaningful, measurable improvements in performance.

View All Results

No items found.

Solutions We Offer

We partner with clients to navigate the dynamic challenges of managing a high-performing physician enterprise.

HIPAA Compliance

We have experienced consultants who have spent time in the trenches and offer a broad array of consulting services to meet all aspects of HIPAA compliance.

Related Industry Insights & Resources

Announcing our New Book on Private Equity and Healthcare

Planning and Managing Provider Compensation: A Checklist-Based Approach

Healthcare Consulting Firm, Coker, Announces Acquisition of NorthGauge Healthcare Advisors

Leveraging Medicare Annual Wellness Visits for Chronic Disease Identification and Prevention

Understanding Medicare Preventive Visits: Key Differences Between IPPE and AWV Services

CrowdStrike Outage Impacts US Healthcare: Protecting Healthcare Organizations

Navigating the Digital Landscape: Hospital Marketers Win in the Latest Ruling on HHS Online Tracking and HIPAA

Trinity Hunt Partners Establishes Healthcare Advisory Platform with Investment in Coker

Is Your Risk Analysis Thorough and Accurate?

Is Your Telehealth Solution HIPAA Compliant?

CMS Issues 2023 Physician Fee Schedule Final Rule

The Office of Inspector General to Audit the Effectiveness of the Health and Human Services Office for Civil Rights

American Medical Association Releases 2023 E/M Updates

Major Changes to Split/Shared Billing Affect Advanced Practice Providers and Physicians

Why is a Fair Market Value/Commercial Reasonableness Opinion Important for Value-Based Enterprises?

8 Information Blocking Exceptions You Need to Know

What is Compliance Program Effectiveness?

The Ugly Truth About the New 2021 E/M Changes

2021 Offers New Opportunities Amid Healthcare Regulation Changes

5 Mistakes Covered Entities and Business Associates Made During a Security Risk Analysis

Let’s Talk about Why Qualitative Information Matters in Your Physician Needs Assessment

HHS Announces Changes to the HIPAA Privacy Rule

Top Five Trends in Healthcare for 2021

2021 E/M Coding Changes: What Healthcare Professionals Need to Know

COVID-19 Pandemic Exposes Vulnerabilities in Healthcare Organizations (Part 3)

COVID-19 Pandemic Exposes Vulnerabilities in Healthcare Organizations (Part 2)

The Keyword for Hospitals: Track Documentation of Physician Community Need Before Recruiting Physicians

COVID-19 Pandemic Exposes Vulnerabilities in Healthcare Organizations (Part 1)

Establishing Objective Evidence for Physician Needs Assessments

Information Blocking Compliance: What do Healthcare Providers Need to Know?

Should You Use a Non-Medical Grade Telemedicine Platform?

Healthcare and the Millennials

Case Study: Leveraging Technology During a Pandemic

Do Hospitals that Employ their Physicians Need a Community Need Assessment?

Navigating the New Normal of a Post-Pandemic World

Post-Pandemic Crisis Affiliation: Which Way is Up?

ONC Temporarily Relaxes Compliance Deadlines Related to the Cures Act

COVID-19 Telehealth Privacy and Security Concerns

Coker Group Telehealth Survey

Cyber Criminals are Targeting Telemedicine Visits

Key Issues and Guidance for Hospitals and Medical Groups during the COVID 19 Pandemic

COVID-19 FRAUD ALERT

Responsive Compensation Arrangements to Battle COVID-19

Provider Compensation Management: Solving the Compensation Conundrum

Cybersecurity Tips

What Does It Mean for a Compliance Program to Be Effective?

Identifying Embezzlement Opportunities in a Medical Practice

Does the Corporation’s Compliance Program Work in Practice?

Is the [Compliance] Program Being Applied Earnestly and in Good Faith?

Is Your Corporate Compliance Program Well-Designed?

Engage an Expert Witness to Build a Sound Defense in Healthcare Legal Cases

Using Market Data to Establish Sustainable Physician Compensation Models

Recognizing and Mitigating Key Areas of Risk

Understanding and Preventing Physician Burnout

EHR Documentation Integrity Risks: Ten Ways to Stay Compliant

The Aging Physician Workforce

Is there a Looming Physician Shortage and What does it Mean?

Building Medical Staff Buy-In when Conducting a Physician Community Needs Assessment

Compliance Risk Mitigation in Healthcare Mergers & Acquisitions

Do Qualitative Factors Matter in Determining Physician Need?

Physician Compensation Plan Design: The Basics Make a Difference

Pursuing a Comprehensive Compensation Plan for Your Executive Leadership Team

Best Practices for Developing Employed Provider Compensation Plans

Burning Platforms: Common Characteristics and Considerations for Employed Provider Network (EPN) Turnarounds

Clinical Integration: The First Step in Moving Toward Value-Based Reimbursement

Five Tips to Keep Your Data Safe

Practice Management Basics: A Healthy Revenue Cycle Begins Up Front

Front-End Patient Collections: Where the Rubber Meets the Road

Physician Compensation Governance: Building a Good Foundation

Mitigating Risk when Migrating from one EMR to Another

Relationship Status with Productivity-Based Compensation: It's Complicated

Coding Compliance and WRVUS: What Lurks Beneath the Surface?

Conflict Management and Successful Leadership

Smoothing the Rough Spots in Patient Flow in Outpatient Practices

Is Information Technology a Competitive Necessity or a Competitive Advantage?

Cybersecurity Lessons from 2016 and Trends for 2017

A Reflection on Coding and Compliance Changes