The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules define requirements for the appropriate use and safeguarding of protected health information (PHI). These requirements, along with the provisions of the HITECH Act, create a significant challenge for organizations that manage or impact the security of medical records and other personal health information.
Compliance with the HIPAA Security Rule is central to securing electronic protected health information (ePHI). ePHI that is created, received, maintained or transmitted by a Covered Entity or Business Associate must be protected to prevent anticipated threats and hazards and impermissible uses and disclosures.
If your business fails to adhere to the HIPAA Security Rule and faces an ePHI-related security breach as a result, you can be subject to significant regulatory fines, litigation, breach notification costs, unfavorable media attention and a damaged reputation.
We can perform a HIPAA Risk Analysis to support the HIPAA and Meaningful Use requirements and evaluate your existing protection of ePHI. Using the HIPAA Security Rule as a baseline, our assessment will identify your current security controls, assess their effectiveness, inform you of your current risk, and establish a prioritized action plan for moving into compliance.
In our HIPAA Gap Assessment, we review all pertinent HIPAA requirements and applicable security program elements in order to identify gaps in processes, actions or states. Identified gaps will be aggregated into a HIPAA Gap Analysis report. This report will outline all deficiencies that must be addressed in order to achieve and maintain regulatory compliance.
Healthcare organizations say that security is a top concern
Healthcare providers have a “fully functional” cyber security program
Data breaches are costing the US healthcare industry about $6.2 billion per year
Healthcare industry believe they are at risk for a data breach
We offer the following services:
Our cybersecurity practice expands beyond compliance, and our experience allows us to perform vulnerability assessments, penetration testing, web application security testing, network hardening, and source code analysis. These professional services are integrated into our HIPAA compliance teams as our analysis determines it to be necessary.
We complete a risk analysis as it is a required component of HIPAA compliance and is crucial to understanding your privacy risk environment.
We deliver customized solutions that ensure long-term value to your organization. We provide advisory support to maintain HIPAA programs that will minimize future costs and improve the efficiency of critical processes.
After the agreement is executed, the first phase of the engagement is planning. This is to ensure that Enclova and the Client are fully aware of the what, who, when, why, and how prior to the beginning of testing. Proper planning is imperative to the success of a project.
The kickoff is considered the start of the engagement. If needed, Enclova will schedule a call at the beginning of the kickoff to finalize any outstanding items. Enclova ensures that no last-minute changes to the project or team have occurred and the Client has the plan prior to the testing and on-site visit.
Testing and gathering is the core of the compliance engagement. Because of the planning and understanding processes that precede it, this phase consists of gathering the evidence needed for the objectives discussed. Enclova has a no-surprise policy and is in constant contact with the stakeholders during the testing and gathering activities.
Enclova’s testing methodology ends with reporting, but the entire assessment is focused on creating a deliverable that is clear, concise, and accurate. The draft report will be provided within 2 weeks of the last day of the testing and gathering phase, and a final report will be provided within 30 days.