With increasing federal emphasis on patient privacy and security requirements, it is more important than ever to implement and maintain best practices for protecting patient data. Provident Management Consulting’s (“Provident”) HIPAA & HITECH assessment and advisory solution tests all policies, protocols, and data systems, identifying vulnerabilities and providing a roadmap to quickly achieve compliance.
HIPAA & HITECH compliance are receiving increasing scrutiny and attention from federal and state regulators. At the same time, consumers hold high expectations for providers to properly handle patient information, and providers that experience breaches are often punished in the marketplace. Nationally, research indicates that the average total cost per breach was $6.75 million, with an average cost of $204 per affected record. Sixty-six percent of those costs were due to lost business as a result of the breach.
Given the scope of regulatory requirements, the complexity of provider data systems, and the consequences of noncompliance, it is crucial for providers to regularly assess performance capabilities and vulnerabilities.
A COMPREHENSIVE APPROACH
Depending on client needs, our HIPAA & HITECH solution includes some or all of the following:
Our evaluation thoroughly examines policies and procedures and assesses whether all clinical and administrative staff are handling patient information properly. Our assessment includes internal education initiatives, organizational controls and communication, posting and technical requirements, effectiveness of annual review processes, and assignment of responsibilities. Our analysis identifies gaps and defines actionable steps allowing clients to quickly achieve compliance. We help fix the shortcomings we find, efficiently documenting compliance efforts.
Our solution verifies the security of all provider data systems and information technology by running efficient and non-intrusive vulnerability scans. The IT assessment tests all aspects of the provider network, including hardware, configuration, and software issues.
The result is a comprehensive and prioritized listing of all vulnerabilities with a clearly identified path to compliance. Our experience is that technical scans will reveal thousands of issues involving permissions, patches, version control, and other software or systemic issues. Our expertise allows us to sort these into meaningful and actionable steps, prioritizing immediate, mid-term, and long-term issues.
The HITECH act significantly increases the financial penalties for HIPAA violations and incentivizes corrective action within 30 days. In addition to minimizing the potential for breaches, our HIPAA & HITECH solution establishes the framework for timely corrective action.
WHAT SETS US APART
Provident’s comprehensive assessment and advisory solution combines our expertise in the healthcare, regulatory, and technology environments to help organizations fully comply with the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH).
Drawing on the unique depth and experience of our team, we have successfully completed HIPAA & HITECH engagements with a wide range of hospitals, providers, academic medical centers, and self-insured organizations.