This year over 2 million healthcare facilities, law firms, accountants and other businesses that perform services for health care related companies are being targeted for HIPAA/HITECH Act Phase 2 compliance audits by the U.S. Department of Health & Human Service. Not performing annual HIPAA compliance assessment is a HIPAA violation and subjects you to finds of $50,000 per record.
Gateway TelNet's HITECH Compliance Assessments and Compliance-as-a-Service offerings help get and keep you HIPAA complaint. Our HIPAA Compliance-as-a-Service offering builds on our baseline HIPAA and PCI Risk Assessment to support ongoing compliance for your environment.
PCI compliance failure can result in losing your right to accept credit cards. Our PCI Compliance Assessments and Compliance-as-a-Service offerings produce initial and ongoing support to comply with Payment Card Industry Data Security Standards (PCI DSS).
Contact us today to schedule your FREE HIPAA and/or PCI risk assessment and consultation.Contact Us
If so you are subject to HIPAA requirements, and when any client is audited for HIPAA you can also expect a HIPAA audit. Not knowing you are subject to HIPAA is no defense from HIPAA violations and fines of up to $50,000 per record and $1.5M per year.
Failure to conduct a HIPAA assessment at least annually is de facto failure to comply with HIPAA.
Advocate Health Care was recently fined $5.55M for failing to conduct a thorough HIPAA risk assessment – one of hundreds of businesses already subjected to fines for failing to conduct a HIPAA risk assessment.
If not and if they have access to your IT environment, then they are violating HIPAA and putting you at additional risk as well.
We enter into Business Associate agreements with prospects and clients who are subject to HIPAA.
We also provide ongoing HIPAA support services to help ensure ongoing HIPAA compliance. All of our employees are HIPAA compliance certified and have undergone criminal background checks and drug testing.
In 2006, DHHS' Office of Civil Rights expanded its unannounced HIPAA audit program to Business Associates (vendors and business partners that create, receive, maintain or transmit protected health information). Previously only Covered Entities (health care providers, plans and clearinghouses) were specifically targeted for federal audits.
HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs. In 2009, HIPAA was augmented by Health Information Technology for Economic and Clinical Health Act (HITECH).
The HIPAA/HITECH Security Rule requires administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of electronic protected health information (ePHI). Federal and state HIPAA compliance audits, security incidents or failure to conduct an annual HIPAA risk assessment can result in fines of $50,000 per record and $1.5M per year.
HIPAA/HITECH compliance means conducting a HIPAA risk assessment no less than annually and ensuring an organization employs specific administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of electronic protected health information (ePHI).
HIPAA applies to both Covered Entities and their Business Associates.
Covered Entities are health care providers, health plans and health clearinghouses such as doctors, clinics, dentists, retirement homes, nursing homes, funeral homes, chiropractors, psychologists, hospitals, health insurance companies and pharmacies.
Business Associates are vendors and business partners that create, receive, maintain or transmit protected health information (PHI) on behalf of a Covered Entity. Examples include lawyers and accountants who access health related billing records or claims, marketing firms that access email addresses or other client information, and IT specialists who access networks or systems where ePHI is stored.