HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. The HIPAA Privacy Rule establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information about health status, provision of health care, or payment for health care that can be linked to an individual. The HIPAA Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all PHI, both paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. For each of these types, the Rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the Rule. Addressable specifications are more flexible.

Security Advisers' HIPAA Gap Analysis measures existing business practices and policies against IT security best practices and the HIPAA standard. Strengths, and any areas of the existing business practices and policies that require improvement, are clearly identified and presented in a format that executive management and operations can both use as a foundation for remediation strategy and formal security program development.

If you would like more information about Security Advisers' Gap Analysis services, please email info@security-advisers.com or call us at 410-867-6329.

Tel: 410-867-6329 | Headquarters: 1517 Bay Drive, Shady Side, Maryland 20764