HIPAA Compliance Built for You
Compliancy Group helps organizations build custom HIPAA compliance programs that follow HIPAA Privacy, Security, and Breach Notification Rule standards.
Elements of an effective HIPAA compliance program can be found below.
Security Risk Assessments, Gap Identification, and Remediation
HIPAA requires organizations to conduct security risk assessments to uncover weaknesses and vulnerabilities in security practices. After you complete your assessments, HIPAA requires you to create remediation plans. Remediation plans list your identified deficiencies and how you plan to address them, including actions and a timeline.
Compliancy Group provides clients with all required risk assessments, with support from Compliance Coaches to instruct you on completing them. Once the assessments are completed and added to our software, gaps in compliance are automatically identified. To close these gaps, the software creates remediation plans specific to your practice, which, once implemented, allow you to meet HIPAA safeguard requirements.
HIPAA Policies and Procedures
To meet HIPAA Privacy, Security, and Breach Notification requirements, your practice must implement written policies and procedures. These policies and procedures must be customized for your practice’s specific needs, applying directly to how it operates. Any changes in your business practices must be included in your policies and procedures where appropriate.
Compliancy Group provides clients with policies and procedures specific to their practice. Each policy also includes a summary section to simplify procedures into language that all employees can easily understand.
Any employee that has the potential to access PHI must receive annual HIPAA training. Employees must legally attest that they understand and agree to adhere to the training material.
Compliancy Group’s HIPAA training consists of a series of short educational videos to keep your employees engaged. Administrators can quickly check individual employee training progress and attestations through the software platform.
Business Associate Agreements
You likely work with business associates to run your practice. HIPAA defines a business associate as any entity that performs a service for your practice that gives them the potential to access PHI. Common examples of business associates include electronic health records platforms, email service providers, online appointment scheduling software, and cloud storage providers.
Business associate agreements must be signed with each of your business associate vendors.
Compliancy Group allows practices to send each of their business associates BAAs easily. It also assigns them a vendor questionnaire, similar to your self-audits, to assess their compliance. Once vendors have completed both, their responses are recorded, and agreements are stored in the software platform.
Incident Management and Audit Support
The HIPAA Breach Notification Rule requires practices to have a system to detect, respond to, and report breaches. Employees must also have the means to report incidents anonymously and know what to do if they suspect a breach has occurred. Healthcare organizations that suffer a breach and cannot prove their HIPAA compliance are often audited and fined.
Compliancy Group’s software makes it easy for employees to report suspected incidents anonymously. Clients that suffer a breach are provided with breach support from our on staff regulatory attorneys. We also offer audit support to clients, providing all of the documentation required by the Office for Civil Rights (OCR) to prove their “good faith effort” towards HIPAA compliance. No client that has completed our process has ever failed an audit!