HIPAA / HITECH

Rule Changes

Recent changes to HIPAA security & privacy rule enforcement and the the addition of the breach notification rules (under HITECH) have lead to more than just health care companies being impacted. Any company providing services to “covered entities” (health care organizations) will be required to sign Business Associate Agreements. These agreements generally require the service provider (your company) to agree that you are compliant with the HIPAA Security Rule as well as other provisions. Are you comfortable signing Business Associate Agreements? Regardless, if you have customers that are health care providers, you may be liable and subject to unwanted federal audits and penalties up to $1.5 million.

Leverage Existing Controls

Compliance with the HIPAA Security Rule is straightforward if you have other controls in place, such as those required to have a favorable SOC 2 Type II report issued. HIPAA requires that you have implemented “administrative, technical, and physical” controls. Administrative controls are covered by your policies, procedures, and risk analysis process. Technical and physical controls are dictated by your policies.

Liability

If you have any customers or partners that are health care providers, or have been asked to sign business associate agreements, don’t hold that extra liability. HIPAA compliance can often be achieved fairly quickly with minimal effort.

Have Questions About HIPAA?

LET US HELP YOU FIND OUT WHAT COMPLIANCE FRAMEWORK IS BEST FOR YOUR BUSINESS.

About company

Our unique combination of expert security and compliance consulting and penetration testing will ensure you’re prepared in the most practical and quickest way possible.

Services

Get Started with SOC 2 Compliance