DCS provides HIPAA Hi-Tech Security Compliance Services where you will work with one of our HIPAA compliance experts to remediate IT issues uncovered during your a HIPAA Security Risk Assessment. DCS will hold your hand to help you navigate confusing HIPAA Hitech Security rules. Conducting HIPAA Risk Assessments is a mandatory and crucial requirement for Covered Entities and Business Associates.
Under the HIPAA Omnibus Security Rules unveiled in 2013 Healthcare Providers and Other Covered Entities as well as Business Associates are required to comply with a multitude of cybersecurity rules as well as document their administrative and physical safeguards for protecting Protected Health Information or (PHI) and undergo annual Security Risk Assessments which help to uncover potential issues with your handling of PHI and help ensure that you stay compliant with HIPAA security rules.
This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
In addition to the above so-called "Covered Entities" there is an estimated 2,000,000 additional "HIPAA Business Associates" that are exposed – or have access to -- protected information making them also subject to HIPAA regulations. A HIPAA Business associate is any of the following types of businesses that has one or more Covered Entities as a customer or client:
EVERY Business Associate, and all of their subcontractors, must have proof of a HIPAA Risk Analysis under the law. Even if they wanted to, most of these organizations do not have the staff, resources or expertise to do it themselves. HIPAA audits and investigations require evidence that required tasks have been carried out and completed by covered entities and documentation of this must be kept for six years.
Evidence of Compliance includes log-in files, patch analysis, user & computer information, and other source material to support your compliance activities. When all's said and done, the proof to proper documentation is accessibility and the detail to satisfy an auditor or investigator are included in this report.
After a Risk Assessment DCS can implement needed IT fixes and help clients with implementing procedures that are designed to allow authorized access and deny unauthorized access, to and within facilities, to limit access to devices that can access or store ePHI.