Meeting the Recurring Regulatory Requirements of the Health Insurance Portability and Accountability Act - Privacy and Security Rule
The Health Insurance Portability and Accountability Act (HIPAA) regulates the privacy and security of personal health information, which HIPAA refers to as Protected Health Information (PHI). The legislation requires healthcare organizations to maintain reasonable and appropriate safeguards in several specific areas. On a regular schedule, healthcare organizations must:
- Conduct a comprehensive and thorough risk analysis
- Complete a Business Impact Analysis (BIA) for contingency planning and disaster recovery
- Develop and update security policies and procedures
- Train members of the workforce
- Audit and evaluate the information infrastructure
Executive Summary of Service
ecfirst.com Healthcare offers a Managed Compliance Services Program tailored to meet your HIPAA security compliance requirements. Key features of ecfirst.com Healthcare’s Managed Compliance Services are:
- Bundled outsourced solution for a fixed monthly fee
- Periodic performance of vulnerability assessments, security risk analysis, BIA and contingency planning
- Training, certification and periodic audit and evaluation to keep your organization fully compliant at all times
- Keeping you compliant with the regulatory requirements, to help you focus on the business of delivering exceptional patient care and services
Benefits of outsourcing HIPAA compliance include:
- Minimizing productivity losses from unexpected downtime
- Enabling staff to better focus on business-critical tasks and complying with key regulations within HIPAA
- Depth in resource capabilities with trusted knowledge of client infrastructure
- Smoothing out volatility in resource demands and costs associated with managing information technology
Managed Compliance Services Program
The information infrastructure within healthcare organizations is constantly changing, and new clinical, financial and other systems add to the complexity. Compliance must be maintained as these changes are introduced. Further, attacks on the infrastructure are a 24x7 activity, and the volume of personal health information flowing within the organization is increasing at an unprecedented pace. This places significant resource strains on existing IT staff and management. Also, in most environments, the specialized skills typical of credentialed IT professionals are lacking within the healthcare organization.
ecfirst.com Healthcare’s Managed Compliance Services Program is tailored to meet HIPAA’s requirements and provide you with specialized capability in the areas of vulnerability assessments, BIA and contingency planning, training and certification, as well as audit and evaluation. We focus on regulatory requirements and keeping you compliant, so you can focus on your business of delivering exceptional patient care and services.
The benefits of outsourcing HIPAA compliance include minimizing productivity losses from unexpected downtime, enabling staff to better focus on business-critical tasks and complying with key regulations within HIPAA. Also, the Managed Compliance Service Program provides you with further depth in resource capabilities with trusted knowledge of your infrastructure. This can help smooth out volatility in resource demands and costs associated with managing information technology.
Table 1 specifically identifies the HIPAA requirements addressed by the Managed Compliance Services Program.
| HIPAA Regulation | HIPAA Requirement | Managed Compliance Service |
|---|---|---|
| Risk Analysis, 164.308(a)(1) | Conduct an accurate and thorough assessment of the potential risks to and vulnerabilities of the confidentiality, integrity and availability of the entity’s electronic protected health information (EPHI). | On an annual basis we will conduct a thorough security vulnerability assessment followed by a comprehensive Risk Assessment highlighting the gaps and providing recommendations for remediation. |
| Assigned Security Responsibility, 164.308(a)(2) | Covered entities must identify the security official who is responsible for the development and implementation of the Security Rule’s required policies and procedures. | An interim security officer will be assigned to your organization to meet compliance requirements. The service is flexible and can be tailored from a few hours a week to a full-time on-site staff position. |
| Security Awareness and Training, 164.308(a)(5) | Covered entities must implement a security awareness and training program for all members of the workforce. | Content will be provided for on-going HIPAA Security training for all members of the workforce. Content can easily be tailored by your organization based on defined job role requirements. A limited number of IT professionals and managers will be provided with vouchers to attend the 4-day HIPAA certification program delivered nationally. On an annual basis, we will conduct an executive briefing for senior management covering topics such as industry best practices, advancements in information security technologies, and changes in legislation and accreditation standards. |
| Contingency Plan, 164.308(a)(7) | Covered entities must establish policies and procedures for responding to an emergency. | On an annual basis we will conduct a business impact analysis and provide recommendations for Business Continuity / Disaster Recovery planning. |
| Evaluation, 164.308(a)(8) | Covered entities must perform periodic evaluations to determine the extent to which the security policies and procedures meet the Rule’s requirements. | On an annual basis we will evaluate the organization’s state of compliance with the requirements of the HIPAA Security Rule. |
| Policies, Procedures and Documentation, 164.316 | Covered entities must implement reasonable and appropriate policies and procedures to comply with the standards and implementation specifications of the HIPAA Security Rule. | On an annual basis we will review existing policies and procedures and provide specific recommendations to update documentation based on changes to the organization’s digital information infrastructure. |
| HIPAA Privacy Rule, 45 CFR Parts 160, 162, and 164 | The Department of Health and Human Services (HHS) has issued the regulation, “Standards for Privacy of Individually Identifiable Health Information,” applicable to entities covered by HIPAA. The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the privacy regulation. | On an annual basis we will review existing HIPAA Privacy policies and provide specific recommendations to update documentation. |
Table 1: Managed Compliance Services Program.

Hospitals Trust the American Hospital Association (AHA)
HIPAA Academy's HIPAA Compliance Training Solutions have the exclusive endorsement of the American Hospital Association (AHA). Every business day we are delivering HIPAA solutions, both training and consulting, to hospitals across the United States. Our organization introduced the first program in the industry to comprehensively cover the HIPAA regulation. Our HIPAA training and certification programs have been attended by hundreds of organizations and thousands of professionals. Our clients include the U.S. Army, U.S. Air Force, U.S. Coast Guard, U.S. Department of Homeland Security, many state and county governments and hundreds of hospitals, long term care, assisted living and other organizations.
Hospitals Trust ecfirst.com Healthcare
Why trust managed services from ecfirst.com Healthcare? Because when we deliver services, we bring not just a technology solution, but an in-depth understanding of hospitals as well as deep knowledge of compliance requirements. We believe that business and technology challenges need to be aligned to achieve success with projects and initiatives on a continual basis. We only include credentialed, experienced professionals in our engagements.
ecfirst.com Healthcare Clients
- Edward Hospital and Health Services
- Samaritan Hospital
- BSA Hospital
- Condell Health Network
- Passavant Hospital
- St. Anthony’s Hospital
- Northwest Community Hospital
- The Children's Hospital of Philadelphia
- North Broward Hospital District
- Shriners Hospitals for Children, Chicago
- RML Specialty Hospital
- Rockford Health System
- Shriners Hospital for Children
- CGH Medical Center
- Richland Memorial Hospital
- IPMR
- Tufts-New England Medical Center
- Provena Health
- U of I Medical Center
- Memorial Hospital
- Washington County Hospital
- Hammond-Henry Hospital
- Hospital Perea
- Siskin Hospital for Physical Rehabilitation
- Mercy Medical Center
- Madigan Army Medical Center
- Memorial Healthcare System
- Sarah D. Culbertson Memorial Hospital
- Alameda County Medical Center
- Picken County Medical Center
- Native American Health Center, Inc.
- Children's Hospital & Research Center at Oakland
About ecfirst.com Healthcare
ecfirst.com is a leader with rich hands-on experience delivering world-class services in the areas of:
- Security regulatory compliance solutions (HIPAA, FISMA, Sarbanes-Oxley)
- Compliance training and certification
- Service Oriented Architecture (SOA) consulting and development
- Professional staffing, including project management
Regulatory Compliance Practice
The ecfirst.com Regulatory Compliance Practice delivers deep expertise with its full suite of services that include contingency planning/Business Impact Analysis (BIA), secure single sign-on, vulnerability assessment, as well as managed security and IT infrastructure solutions.
Compliance and Training Certification
ecfirst.com, home of the HIPAA Academy, offers the gold standard in compliance training and is endorsed by the American Hospital Association (AHA). The HIPAA CHA™, CHP and CHSS™ certifications are the only certifications recognized in the industry.
Credentialed Professional Staffing Practice
The ecfirst.com Professional Staffing Practice excels in meeting your short and long term requirements for contract professionals in the areas of Web development, IT and project management. This practice is distinguished with credentialed staff (PMP, CBCP, CISSP, CSCS™ or CHSS™) that includes deep industry knowledge in the healthcare, financial and government markets.
ecfirst.com assists all types of organizations with their compliance initiatives, building a secure information infrastructure that meets regulatory requirements. ecfirst.com can help you with your compliance challenges and priorities, and its solutions help your organization implement the security safeguards the legislation requires.
ecfirst.com, an Inc. 500 business, serves a Who’s Who client list that includes the U.S. Veterans Agency, numerous hospitals, state and county governments (State of Oregon, Iowa, Illinois), and hundreds of other organizations.
ecfirst.com is endorsed by the American Hospital Association (AHA) and the Illinois Hospital Association (IHA).
We understand that if, and only if, we deliver exceptional value to your organization in every instance of our engagement, will we be able to have you as a customer for life. All our work is executed with deep knowledge of your industry and compliance requirements by quality staff with certifications that substantiate their expertise. We are always striving to earn your trust.
Ask for a free copy of The Art of Information Security (limited to one per organization only). For more information, please visit http://www.ecfirst.com.