ComplianceBe prepared and stay protected.
A HIPAA Risk Analysis is a core objective to qualify for the Meaningful Use stimulus and is the first and foundational step in achieving HIPAA compliance.
Under HIPAA and Meaningful Use guidelines, a comprehensive risk analysis is required at least once a year for each and every Covered Entity and Business Associate. With the increased likelihood of being audited for HIPAA compliance and MU incentives, coupled with the sizable penalties involved, healthcare organizations must be diligent about following the proper protocols during their annual Risk Analysis.
What We Do
Technology and compliance in healthcare go hand-in-hand and our approach does too. Solve’s services differ because our compliance and technology professionals collaborate to examine, develop, validate and deliver security recommendations to our clients.
- Asset Identification
- Visualizing Vulnerability
- Inventory Management
- Environment Security
- Access Controls
- Roles & Responsibilities
- Processes and Response
We don’t just provide you with a list of recommendations, Solve can augment or take ownership of remediation. Our talented and cohesive teams deliver definitive results with finesse because we practice what we preach.
Here are some recent and notable privacy/security violations that illustrate the financial and criminal liability associated with HIPAA breaches for Covered Entities and their Business Associates.
Advanced Spine & Pain Management, a provider of chronic pain-related medical services in Cincinnati and Springboro, OH, failed to provide a patient with timely access to the requested medical records. The HIPAA Right of Access violation was settled with OCR for $32,150.
Ridgewood, NJ-based Village Plastic Surgery failed to provide a patient with timely access to the requested medical records. The HIPAA Right of Access violation was settled with OCR for $30,000.
In 2015, Excellus Health Plan reported a breach of the ePHI of 9,358,891 individuals. OCR investigated and uncovered multiple potential violations of the HIPAA Rules: A risk analysis failure, risk management failure, lack of information system activity reviews, and insufficient technical policies to prevent unauthorized ePHI access. The case was settled for $5,100,000.
OCR received a complaint from a patient of California-based Riverside Psychiatric Medical Group in March 2019 alleging he had not been provided with a copy of his medical records. OCR intervened but received a second complaint a month later when the records had still not been provided. OCR determined this breached the HIPAA Right of Access provision of the HIPAA Privacy Rule. The case was settled for $25,000.
Click the button below or call us toll-free at (949) 891-0300 to speak to a live person.