HIPAA Compliance Services

HIPAA compliance is a complex issue that is evolving constantly. The Department of Health and Human Services (HHS) periodically releases new guidance on HIPAA compliance that it expects healthcare organizations, and their business associates, to adhere to. Keeping current with HIPAA requirements can be difficult; HIPAA compliance services simplify HIPAA compliance, giving healthcare entities peace of mind.

What are HIPAA Compliance Services?

HIPAA compliance services guide HIPAA-beholden entities through creating a HIPAA compliance program that is tailored to their organization’s specific needs. Compliancy Group’s HIPAA compliance services offer clients a complete HIPAA compliance program. Expert Compliance Coaches™ meet with clients virtually to walk them through each step of building a custom HIPAA compliance program that covers the full extent of the HIPAA regulation.

Compliance Coaches will instruct you on how to:

  • Complete the mandatory annual self-audits

HIPAA requires covered entities to complete six self-audits annually; business associates must complete five. Compliancy Group’s cloud-based HIPAA compliance software, the Guard™, stores all of the templates for clients to complete their self-audits. Completing the self-audits allows you to get a complete picture of your security practices so that gaps can be identified.

  • Identify gaps in security

Once self-audits are completed, the Guard automates gap identification. Compliance Coaches will review your gaps with you to ensure accuracy. Identified gaps allow you, along with your Compliance Coach, to create remediation plans to address the gaps.

  • Create remediation plans

Gap identification allows for remediation plans to be created that directly relate to your organization’s business practices. Remediation plans are an essential part of HIPAA compliance as they prove an organization’s “good faith effort” in safeguarding protected health information (PHI).

  • Draft policies and procedures

Compliance Coaches assist clients in creating their organization’s policies and procedures in line with HIPAA requirements. Policies and procedures are relevant to HIPAA Privacy, HIPAA Security, and Breach Notification Rules. Policies and procedures will clearly define permitted use and disclosure of PHI. In addition, procedures for reporting suspected breaches, who to report breaches to, and a means to report breaches anonymously will be covered.

  • Train employees

Once policies and procedures are completed, clients will add all of their employees as users in the Guard. Each employee will have unique login credentials, ensuring that administrators can track employees’ progress. Employees will be trained on your organization’s policies and procedures, as well as HIPAA requirements. Throughout the training process, employees will legally attest that they have read and understood all that they were trained on.

  • Vet vendors

Before working with any vendor, you are required to assess their security practices. The Guard allows you to send vendor questionnaires to each of your business associates. Just like the self-audits you completed, the vendor questionnaires allow for gaps to be identified. Before you are permitted to share PHI with the vendor, any identified gaps must be addressed with remediation efforts.

After your vendors are vetted, you will need to send them each a business associate agreement (BAA). BAAs, which are also available as a template in the Guard, must be signed before you are permitted to share PHI with your business associates. A signed BAA limits the liability of both parties as it states that both parties agree to be HIPAA compliant, and each is responsible for their own compliance.

  • Create an incident response plan

HIPAA requires healthcare breaches to be reported in a timely manner, with the ability for employees to report breaches anonymously. The Guard allows for this as well. An incident response plan dictates protocol for quickly detecting and responding to breaches. Having a tested incident response plan drastically reduces the costs associated with breaches.

  • Seal of Compliance

After you have completed our HIPAA compliance implementation process, you are eligible to receive our Seal of Compliance. The Seal, while not a HIPAA certification, verifies and validates your organization’s “good faith effort” towards HIPAA compliance. The Seal is available in three forms: a clickable seal for your website and your email signature, and a sticker to put in your organization’s window. The clickable Seal redirects to our website, where your “good faith effort” is verified and validated.

HIPAA compliance services should encompass all that is HIPAA. Organizations that choose Compliancy Group can be confident that we have you covered. We have been involved in several HIPAA audits on behalf of our clients, and we have never failed an audit! In the event that you are subject to a HIPAA audit, we will provide you with full audit support, providing all of the documentation you need to prove your “good faith effort” towards HIPAA compliance.