The Department of Health and Human Services’s Office for Civil Rights (OCR) enforces the privacy, security and breach notification rules under the Health Insurance Portability and Accountability Act (HIPAA).
Our Certificate of Compliance is not an official or legally recognized process or accreditation, and is not binding on the OCR. HIPAA compliance is an ongoing process. Our Certificate of Compliance implies that you are implementing the safeguards provided through our proprietary compliance program. We are not certifying or attesting to such safeguards that you are not implementing or to any specific date of compliance. Our Certification is not a guarantee that the covered entity will continue to be in compliance with HIPAA or that the covered entity has not experienced or will not experience any data breach. Our Cyber Insurance Coverage may assist financially with risks associated with any potential compliance gaps.
WE HELP YOU COMPLY WITH PCI AND HIPAA REQUIREMENTS
Our Certificate of Compliance implies that you are implementing the safeguards provided through our proprietary program. But even with a certification, your practice still could experience a data breach.
Our certification is not a guarantee that you’re immune to an attack – but it’s a start. Our full-service HIPAA compliance solution includes $500,000 in insurance coverage, to cover risks from any potential compliance gaps.
VERIFY YOUR SAFEGUARDS
WE’LL HELP YOU IMPLEMENT THE FOLLOWING HIPAA SAFEGUARDS:
- Maintenance and Updating of HIPAA Policies and Procedures
- Documentation of Workstation Access Rights and Use
- Execution of Employee Security Awareness Training and Execution of Acknowledgements
- Distribution of Notice of Privacy Practices
- Execution of Patient Authorization Forms
- Documentation of Emergency Planning
- IP Address Scanning and Testing
- Documentation of HIPAA Gap Analysis and Key Vulnerabilities
- Encryption Safeguards for Data Backup and E-mail Distribution
- Incident Response Reporting and Management (if necessary)
- HIPAA Compliance Safeguard Implementation Management and Reporting
- HIPAA Officer Designation and Responsibility Requirements
- Execution of Business Associate Agreements
FREQUENTLY ASKED QUESTIONS
Why is my practice vulnerable?
15 million people are the victims of identity theft each year. Healthcare practices are targeted more than yogurt shops, dry cleaners, and other businesses because they possess the most sensitive repositories of personal information. Hackers can sell every patient file for over $500 on the open market and some are now holding data for ransom. A simple internet search for “Data for Ransom” illuminates the unfortunate risks being experienced by many healthcare providers today.
How can I tell If HIPAA affects me?
If you furnish, bill, or receive payment for healthcare in the normal course of business , or if any transactions are conducted in electronic form – then your practice must comply with HIPAA/PCI regulations.
Must I compy with new HIPAA Privacy Standards?
Congress has signed into law a Privacy Rule that health plans, healthcare clearinghouses, and healthcare providers who conduct financial transactions electronically must comply. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers. These entities are bound by the new privacy standards, even if they contract with others to perform essential functions.
What is the PCI DSS Compliance Standard?
PCI DSS is a unique set of security and business requirements designed to ensure entities that process, store, or transmit credit card information do so in a secure environment. The standard is administered by the PCI Security Standards Council – which oversees all administration and management. For a full list of standards and how each applies to your business, visit: www.pcisecuritystandards.org.
HIPAA Compliance is vital. However, is PCI Compliance necessary?
HIPAA only addresses the portability and accountability of patient data. Quite often, this excludes unprotected financial records. A PCI Violation is also a HIPAA violation. In other words, PCI violations are a double exposure for healthcare providers and should be an essential piece of the compliance process.
Honestly, isn't a Patient Data Breach more serious?
Any data breach has serious consequences for the patient & the business practice. If your organization does not perform due diligence, you’re open to steep fines, fraud, and loss of credit card processing rights.
Are non-compliance penalties really that bad?
Failure to comply can result not only in fines of $500,000 per data security incident and penalties of $50,000 per day for non-compliance.
Why does PCIHIPAA merge compliance solultions?
The two are inextricably linked. Any PCI breach is also considered a HIPAA violation. Backed by 20 years of experience in these complex markets, PCIHIPAA is the only company to offer complete
I already know compliance fIrms. Why should I consider PCIHIPAA?
PCIHIPAA is solely focused on Payment Card Industry and HIPAA compliance. We work with 1,000’s of practices nationwide and understand your need to balance costs with the right level of protection for your practice.
PCIHIPAA delivers a one stop compliance program. Learn about our PCI and HIPAA Compliance Program
TAKE OUR RISK ASSESSMENT
HIPAA requires that all healthcare offices and business associates conduct a risk assessment. Take our risk assessment for free today to learn where you may be at risk. By knowing your risk, you can best protect your practice from the costly devastation of a data breach or a financial penalty for non-compliance.
TRUSTED BY THOUSANDS
OF HEALTHCARE PROVIDERS AND PARTNERS
DO YOU KNOW A DOCTOR’S OFFICE THAT COULD USE HELP WITH COMPLIANCE?
PCIHIPAA = PEACE OF MIND
After taking the free online HIPAA Risk Assessment offered by AAOMS, I realized our practice could use help with our information security needs. The staff is so helpful and friendly and I finally feel that our practice is on the right path toward being compliant. The stress of not having to worry if we are compliant is so worth it. I highly recommend the PCIHIPAA program to help with your office HIPAA and security obstacles.
Oral Surgery & Implant Specialists Dakota Dunes, South Dakota