Compliance
Be prepared and stay protected.
A HIPAA Risk Analysis is a core objective to qualify for the Meaningful Use stimulus and is the first and foundational step in achieving HIPAA compliance.
Under HIPAA and Meaningful Use guidelines, a comprehensive risk analysis is required at least once a year for each and every Covered Entity and Business Associate. With the increased likelihood of being audited for HIPAA compliance and MU incentives, coupled with the sizable penalties involved, healthcare organizations must be diligent about following the proper protocols during their annual Risk Analysis.
What We Do
At Solve Healthcare, we conduct a HIPAA Risk Analysis with our clients every 6 months. With the advent and use of technology at healthcare organizations, and with IT processes and the workflows that surround these functions changing frequently, we stay on top of evolving compliance regulations. Our compliance professionals measure and monitor actual practices to determine if policies are actively followed and to identify compliance risks, vulnerabilities, and potential PHI exposure.
Technology and compliance in healthcare go hand-in-hand and our approach does too. Solve’s services differ because our compliance and technology professionals collaborate to examine, develop, validate and deliver security recommendations to our clients.
- Asset Identification
- Visualizing Vulnerability
- Inventory Management
- Environment Security
- Access Controls
- Roles & Responsibilities
- Processes and Response
We don’t just provide you with a list of recommendations; Solve can augment or take ownership of remediation. Our talented and cohesive teams deliver definitive results with finesse because we practice what we preach.
Here are some recent and notable privacy/security violations that illustrate the financial and criminal liability associated with HIPAA breaches for Covered Entities and their Business Associates.
St. Elizabeth’s Medical Center did not analyze the risks of an Internet-based document sharing app, which stored protected health information for almost 500 individuals, leading to a $218K fine.
A previous employee of Providence Alaska Medical Center was sentenced to serve two 24-month prison terms concurrently for unauthorized disclosure of two patients’ health information.
Concentra Health Services agrees to pay over $1.7 million to settle potential HIPAA violations after a laptop was stolen.
Stanford Hospital and a Business Associate vendor agree to settle a data breach class action for $4.1 million.
A dermatology private practice agreed to settle potential violations of HIPAA Safeguards with the Department of Health and Human Services by agreeing to pay $150,000 for an unencrypted thumb drive that was stolen.
A UCLA employee receives a federal prison sentence for accessing patient records without proper authorization.