Preparing for the worst leads to the best possible outcome.
When the Office of Civil Rights contacts you to discuss HIPAA compliance, it pays to be prepared. The OCR is the governmental body that conducts audits, and they plan to look at providers both large and small, and across a wide geographical distribution. To help you prepare, ControlScan offers the HIPAA Assessment, an engagement that simulates a formal audit of your compliance with the HIPAA Privacy and Security Rules. Covered entities and business associates of all sizes should consider undergoing a HIPAA Assessment in order to identify compliance gaps and weaknesses in their approach to securing protected health information (PHI).
There is increasing focus on HIPAA compliance, with large fines being levied against covered entities and business associates that don’t have measures in place or a plan to implement them. At the same time, the HIPAA Security Rule and Privacy Rule are not specific and prescriptive in dictating requirements to the organizations subject to them; in contrast, the PCI DSS essentially provides a checklist to follow. The HIPAA Assessment offers an approach to defining compliance requirements in the context of your business environment by simulating the level of assessment and scrutiny that you’d experience should an official audit or investigation be conducted.
Assessing your healthcare organization from all angles.
An experienced ControlScan assessor reviews the technical, physical and administrative controls in place in your organization, and correlates them with the requirements set forth in HIPAA-HITECH. A formal summary of findings is prepared, providing you with high-value, actionable information, including:
- A list of the technical, physical and administrative controls reviewed, which provides context for the application of HIPAA-HITECH to your environment and becomes your baseline of controls going forward;
- A clear definition of gaps encountered with an indication of relative criticality;
- An indication of improvement opportunities and their impact on overall security posture and risk; and
- A formal report of the findings suitable for presentation to external parties as evidence of the state of your compliance.
Findings are reviewed with you in detail to ensure full clarity. From there, you may choose to remediate findings yourself, or engage ControlScan to assist with remediation.
Engaging ControlScan for a HIPAA Assessment gives you the opportunity to tap the unbiased, independent opinion of an outside expert. In addition, you gain access to best security practices developed and reapplied over time and across a variety of environments and circumstances. ControlScan brings a deep understanding of multiple frameworks including HIPAA-HITECH and PCI DSS, allowing our experts to take a holistic approach to security and compliance while ensuring you maximize the return on your investment in services.