HIPAA Security Standards Compliance
In February 2003, the U.S. Department of Health and Human Services adopted final regulations for security standards to safeguard electronic Protected Health Information (“ePHI”) systems from unauthorized access and misuse. The standards require health plans, healthcare clearinghouses and healthcare providers to implement administrative, physical and technical protections to develop and maintain the security of all electronic health information under their care.
These standards have been adopted as required under Title II of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Most covered entities must comply by April 21, 2005, while small health plans will have an additional year to come into compliance.
Our Strengths
The Healthcare Services Team of RSM McGladrey is a recognized leader in healthcare consulting. Our team of professionals has extensive experience covering the regulatory, strategic, technological, operational and financial aspects of the changing healthcare business. Our National Risk Management Practice provides consulting services to private and public companies across a variety of industries, focusing on security, regulatory compliance, auditing and risk assessment and management. The combined resources of these practices are uniquely qualified to deliver premium services to our healthcare clients.
Our Approach
We tailor our approach to your needs, with a focus on helping your business achieve compliance with the HIPAA security standards. This allows us to provide you with the most cost-effective services while continuing to meet the long-term needs of your business. Our services include six phases to ensure full compliance under HIPAA. Depending on your specific needs, we can help you with any or all of these phases.
Phase I - Inventory
Our team meets with your administrative and technical staff to identify all sources where ePHI may reside, be processed or be electronically transmitted. As the information may be dispersed on different platforms at different locations, a complete inventory of technical platforms and applications is an important first step.
Phase II - Risk Assessment
We use a proprietary methodology to perform a high-level information risk assessment of all components identified in Phase I. This allows us to focus on areas where potential risks are high, and helps us to define the scope of work that will be necessary to achieve complete compliance.
Phase III - Detailed Assessment
We conduct a detailed assessment to measure the effectiveness of your processes and to ensure that these processes fully protect the confidentiality and availability of ePHI as well as the integrity of your environment. Our assessment is based on industry best practices, and each aspect is clearly mapped to HIPAA standards to demonstrate compliance.
Phase IV - Potential Gaps and Action Plans
Based on our assessment, we identify areas where processes may need to be improved. In this phase, we also develop detailed action plans to help bring you into full compliance.
Phase V - Remediation
We have extensive experience with designing and implementing security processes that will facilitate compliance. With our services, you will not have to re-invent the wheel; we will implement processes that will work for your environment – and help you stay in compliance over the long term.
Phase VI - Monitoring and Reporting
Our team provides the necessary tools to monitor your progress over time and help you to establish effective reporting mechanisms so that you can take immediate action to bring your environment into complete compliance.
Benefits
Your investment in security standards is an important one. Maximize the value of your investment by engaging a professional at RSM McGladrey. Our Specialized Knowledge℠ of the healthcare industry, solid track record and unique blend of resources offer you a complete solution for security compliance with a focused, cost-effective approach.