Background

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information (ePHI).  Subsequent Acts, HITECH and The Final Rule, strengthened HIPAA by imposing significant financial consequences for non-compliance.  These Acts require that businesses that manage ePHI take a more formal, best-practices approach to managing the privacy and security of their data.  Recognizing that our customers look to us for IT security leadership, our managed IT services offerings include HIPAA security compliance support.

 

Our Approach

Our seasoned IT engineering team can provide either a la carte or full HIPAA security compliance project management leadership for your organization.  With our history implementing ‘best practices’ IT security products and services, HIPAA security compliance is a natural extension.  And our enSircle customers find that many of their security compliance requirements are already covered.

Our thorough and detailed approach to HIPAA security compliance is linked directly to the federal Act.  With our customer, we translate each requirement into easily understandable, actionable tasks.  Many of these tasks are policy and procedural in nature.  The Orion Group IT security project manager helps identify options that best fit our customer’s capabilities and budget.  To help contain costs, many tasks can be accomplished by our customer with Orion Group’s oversight.
Our methodology starts with a risk assessment.  Each HIPAA security requirement is measured against our customer’s current IT security state.  The risk for a security breach event is determined and prioritized.  The Orion Group project manager presents risk mitigation options to our customer.  Solutions are prioritized based on business risk and budget.  With this information, an implementation plan is developed to address risk gaps.  In many cases, this is a multi-year plan.  By working with our customer to develop and implement the plan, HIPAA security compliance is achieved.

 

Deliverables from a HIPAA Security Compliance Engagement

  • Full, federal standards risk assessment
  • Detailed, auditable documentation reflecting compliance requirements
  • Implementation plan derived from risk assessment process
  • Internally publishable IT policies
  • IT surveys to assess ‘business associate’ HIPAA security compliance level
  • IT systems products that close the security gaps
  • Our enSircle managed services program