Dara Security

HIPAA

Background

The Health Information Portability and Accountability Act (HIPAA) was enacted in 1996 to address the security and privacy of health care data. In addition, the Health Information Technology for Economic and Clinical Health Act (HITECH Act) was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA) and signed into law on February 17, 2009. The HITECH Act amended HIPAA with significant changes to data breach notification, enforcement, and penalties.

 

Covered Entities

Covered entities, such as hospitals and healthcare providers, have been required to comply with the Health Information Portability and Accountability Act (HIPAA) since 1996. Service providers (a.k.a., Business Associates or BAs) for these covered entities likely had a contractual obligation to comply with HIPAA, but as of September 23, 2013 (Omnibus Rule under HITECH refinements), these service providers are also required to be covered directly under HIPAA. In other words, business associates to hospitals and healthcare providers are now contractually obligated and legally required to comply with HIPAA as they are now considered covered entities.

 

HIPAA Gap Assessment

To quickly identify these gaps and firmly establish a roadmap for compliance, Dara Security created a HIPAA Gap Assessment to review systems and processes to identify areas of non-compliance.  The HIPAA Gap Assessment is performed against selected services, applications, and infrastructure within an organization. It reviews current privacy measures, as well as security controls against HIPAA by:

    Documenting your level of regulatory compliance


    Identifying HIPAA Program vulnerabilities and weaknesses


    Providing independent verification of the effectiveness of existing controls


    Reducing the organization’s privacy and security costs


    Offering insight into industry best practices


In return, you will:

    Greatly minimize risk by quickly benchmarking against HIPAA/HITECH to identify non-compliant areas


    Streamline the remediation process


    Reduce the cost, confusion, and complexity of HIPAA/HITECH compliance


    Provide regulators and business partners evidence that your organization has taken a risk-based approach to quickly attain HIPAA compliance


    Avoid damages often totaling millions of dollars that could result from a protected health information (PHI) compromise


    Add value to your overall compliance program by engaging a non-partisan third-party professional partner


 

Dara Security Experts

Dara Security's consultants are experts in understanding both the technical aspects and the business components of your organization. Our experienced Team Members have worked with many organizations in the commercial, government, and health and human services sectors, including providers and service organizations. As part of these relationships, Dara Security has gained extensive knowledge and experience with National Institute of Standards and Technology (NIST) security control frameworks, such as NIST SP 800-66 [PDF], that are commonly used in government agencies and can be adopted by commercial organizations for determining their compliance with the HIPAA Security and Privacy Rules.