HIPAA
Health Insurance Portability and Accountability Act
What is HIPAA?
HIPAA is an information security standard aimed at protecting the patient data that healthcare organizations are entrusted with. It is closely regulated by the Office for Civil Rights (OCR).
How Does FRSecure Approach HIPAA Engagements?
Like many security standards, it all starts with doing the basics right. FRSecure starts with a risk assessment, giving you an in-depth look at where your strengths and weaknesses are as they relate to protecting patient data.
HIPAA Processes
Risk Assessment
A HIPAA and OCR engagement starts with a risk assessment. We take a holistic view of your security program while simultaneously mapping to OCR protocols and satisfying MACRA MIPS.
Gap Analysis
Because FRSecure risk assessments map directly to OCR protocols, each report shows all OCR controls and where your organization does or does not comply. Also, looking at your security program in total, the gap analysis shows the checkbox compliance gaps as well as general security best practice gaps.
Remediation
Knowing where your gaps are in OCR protocols, FRSecure provides you with detailed remediation steps to help you fill any compliance gaps you may have.
Real-Time Improvements
Retesting is an important component of remediation. Your organization should be able to understand how each remediation effort impacts its overall security program. With an FRSecure risk assessment, the adjustments you make to your remediation report will immediately update your risk assessment and OCR mapping.
HIPAA FAQ
Who created HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the United States Congress.
Who needs to comply with HIPAA?
All healthcare providers in the United States need to be HIPAA compliant. This includes hospitals, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies.
What’s required to comply with HIPAA?
To comply with HIPAA, general security best practices come into play. This includes adhering to and implementing required technical, administrative, and physical safeguards.