Our all-inclusive customized plans are your one-stop shop for your organization's HIPAA compliance.

 

What are the Risks involved?

  • What if your IT system does not measure up to HIPAA standards?
  • Are you worried that your practice might be investigated and fined?
  • Are employees properly trained in all HIPAA Policies and Procedures?
  • Is an ePHI breach a concern?
  • What about the requirements to mitigate such an occurrence?

HIPAA Compliance is more important than ever…

In an ever-changing and evolving environment, today’s medical professionals can face a very real challenge when it comes to maintaining high standards and enforcing HIPAA compliance. In today’s marketplace, the complexity of ever-expanding patient health information stored on computers and in the network represents an obstacle to providing and maintaining HIPAA compliance. A lack of standards and of up-to-date HIPAA certifications, together with a lack of proper employee training due to high staff turnover, can represent a clear and present danger to any medical practice.

From the inception of HIPAA in 1996, the Department of Health and Human Services (HHS) has encouraged all healthcare organizations to implement voluntary compliance programs. HHS published a final Privacy Rule in December 2000, which was later modified in August 2002. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans). HHS published a final Security Rule in February 2003. This Rule sets national standards for protecting the confidentiality, integrity, and availability of electronic protected health information. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006, for small health plans). HHS enacted a final Omnibus Rule that implements a number of provisions of the HITECH Act to strengthen the privacy and security protections for health information established under HIPAA, finalizing the Breach Notification Rule.


Enforcement by the Attorneys General of most states and the Office for Civil Rights continues to expand. Simply DOING BUSINESS AS USUAL is no longer a choice. As a matter of fact, it’s no longer legal.

 

Utilizing ICC’s HIPAA Compliance isn’t so complex…

While the process of implementing the compliance program might seem a monumental undertaking to some, ICC’s HIPAA experts will make it easy. Our proven processing programs will ensure your organization’s compliance no matter the size, from an individual practice to the largest healthcare enterprises. You can take the stress out of compliance by enlisting ICC’s HIPAA experts as your ongoing partner in ePHI privacy and security.

3-Step Program:

Step 1: Risk Analysis and Evaluation

  • The security risk assessment identifies the current topology of your existing network and compares it to HIPAA standards.
  • The security risk analysis reports on threats and analyzes their vulnerabilities.

Step 2: Addressing Identified Issues

  • Highlights areas that need to be resolved.
  • Formulates a step-by-step action plan to resolve the issues identified.

Step 3: Periodic Observation and Upkeep

  • Ongoing monitoring and periodic risk analyses
  • On-demand services for new employees and systems
  • Maintenance and compliance cycle requirements

The Basis of HIPAA Compliance is rooted in Cybersecurity.

HIPAA compliance is all about protecting private medical data. As more and more of this data is stored and transmitted using computers and the internet, cybersecurity, network management, and IT security are becoming more important. As an IT services company, we know how to protect your business from cybercrime. This 3-Step program, along with extensive documentation and online education, completes your HIPAA compliance needs for a HIPAA-compliant entity of any size. Please contact us today to schedule a consultation with one of our HIPAA experts.

Frequently Asked HIPAA Questions

There are three main classes of covered entities.

  1. Health care providers: Doctors, dentists, medical clinics, psychologists, chiropractors, nursing homes, pharmacies.
  2. Health plans: Health insurance companies, company health plans, Medicare, Medicaid, veterans’ health care programs, and HMOs.
  3. Health care clearinghouses: Organizations that convert non-electronic medical information into electronic records.

HIPAA compliance regulations require that all healthcare providers maintain the security of patient information and medical records; this is called Protected Health Information. This applies to all medical and dental practices, as well as other healthcare service providers. As the business owner, you are required to take steps to prevent unauthorized access to PHI. A failure to do so can result in civil and criminal penalties. ICC is an IT services provider that understands what the HIPAA requirements are and what you need to do to maintain compliance.

PHI (Protected Health Information) is the combination of information about a person’s health with other information that would identify who the person is. Examples of PHI include phone numbers, social security numbers, patient names, and even photographs of patients. This type of information can show up in a variety of ways, including medical bills, emails, appointment scheduling, medical test results, and voice mail. It’s important to remember that PHI includes all information that comes into or leaves a covered entity. PHI covers not only electronic records; it also includes verbal and written information, information visible on computer screens, and even conversations that may be overheard.

The passing of the “American Recovery and Reinvestment Act of 2009” (ARRA) in 2009 established civil and criminal penalties for violations of HIPAA. Your practice, or individuals who work at your practice, may be held liable whether you knowingly or unknowingly violate these guidelines. The same penalties apply to business associates as well.