Your HIPAA Platform With Compliancy Group
Utilizing a HIPAA platform to implement your HIPAA compliance program is an effective way to manage HIPAA compliance. Compliancy Group’s HIPAA platform, the Guard™, is a web-based HIPAA compliance solution that allows you to manage your HIPAA compliance program from anywhere with an internet connection.
What is the Guard HIPAA Platform?
The Guard HIPAA platform allows you to build a HIPAA compliance program custom-made for your organization. Having a custom compliance program allows you to address the full extent of the HIPAA regulation. However, you don’t have to do it alone. Expert Compliance Coaches™ guide you through the full implementation process and are always there to answer any questions that may come up along the way.
Our HIPAA platform allows you to complete:
- Self-audits: the Department of Health and Human Services (HHS) requires organizations working with protected health information (PHI) to complete self-audits annually to assess their safeguards securing PHI. HIPAA covered entities (CEs) are required to complete six annual audits, while HIPAA business associates (BAs) and managed service providers (MSPs) are required to complete five.
Our HIPAA platform allows you to complete all of your required self-audits, automatically identifying gaps in your business practices. We also remind you each year when it is time to update your self-audits to reevaluate your business practices, ensuring that you account for any changes that may affect the safeguards you have in place.
- Gap identification and remediation plans: an essential component of HIPAA compliance is identifying your gaps and addressing those gaps with remediation plans. Once you have completed your self-audits in our HIPAA platform, gaps are automatically identified. Then our Compliance Coaches create remediation plans for you to implement, allowing you to close your gaps.
- Policies and procedures: policies and procedures dictate the proper uses and disclosures of PHI by staff members. They also describe the safeguards you have in place to protect PHI. Policies and procedures identify your Privacy Officer, Security Officer, and Compliance Officer. Your policies and procedures should include a section discussing how to report a suspected breach and whom to report it to.
Compliancy Group’s HIPAA platform allows you to create custom policies and procedures with help from your Compliance Coach. The HHS requires you to have policies and procedures that are made specifically for your organization; since businesses operate in different ways, custom policies and procedures ensure that you have covered the full extent of HIPAA law. You are required to review and edit your policies and procedures annually to ensure that they are still in line with your business practices. With Compliancy Group as your HIPAA platform, you are reminded when it is time to do so.
- Employee training: employees must be trained annually on HIPAA standards, as well as your organization’s policies and procedures. Employee training educates staff members on HIPAA requirements, the proper uses and disclosures of PHI, how to recognize a possible breach, whom breaches should be reported to, and how social media is permitted to be used.
Our HIPAA platform includes all of the required annual training. Utilizing the Guard HIPAA platform, administrators are able to track each employee’s individual progress. Additionally, employees are able to legally attest that they have read and understood all of the training material.
- Business associate management: to be HIPAA compliant, you must vet your vendors to ensure that they are adequately protecting the PHI that they create, maintain, store, or transmit on your behalf. If you fail to vet your vendors, in the event that they experience a breach, you will be held accountable.
Our HIPAA platform allows you to send vendor questionnaires to all of your vendors, assessing their safeguards. Once vendors have completed their questionnaires, their responses are automatically uploaded to our HIPAA platform. As with your self-audits, vendor questionnaires identify vendors’ gaps so that they may address them with remediation plans. If a vendor is unwilling to implement remediation plans, you should consider working with a different vendor, as you would be held liable if they experienced a breach.
Once vendors have been vetted, the next step is to send them business associate agreements (BAAs). A BAA is a legal document that dictates the safeguards the business associate must have in place. It also limits the liability for both signing parties in the event of a breach as it states that each party is responsible for maintaining their own compliance. Lastly, a BAA determines which party is responsible for reporting a breach, should one occur.
- Incident management: if you experience a healthcare breach, whether it is internal or external, you are required to report the incident. Employees must have the ability to report suspected breaches anonymously. You should also be able to track your reported incidents.
Compliancy Group’s HIPAA platform enables both anonymous reporting and incident tracking.