HIPAA Compliance Consulting
UTM:Healthcare provides consulting support to the health industry
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) provides a federal floor of safeguards to protect the privacy and security of protected health information (PHI). While the Security and Privacy Rules share a common goal of safeguarding PHI, the Security Rule, later expanded upon with the Health Information Technology for Economic and Clinical Health Act (“HITECH” Act) and the 2013 HIPAA Omnibus “Final” Rule, requires covered entities and their business associates to implement appropriate administrative, physical and technical safeguards to protect electronic protected health information (“ePHI”).
Risk Analysis and Management Plan
To achieve HIPAA compliance, the Security Rule requires covered entities and their business associates to implement a Risk Analysis and Risk Management Plan. Risk analysis and risk management are standard information security processes and are critical to a covered entity’s Security Rule compliance efforts.
Periodic Risk Analysis and Management Review
The United States Department of Health and Human Services recommends that organizations conduct a risk analysis periodically, particularly whenever technology or business operation changes are planned or implemented. A properly conducted HIPAA risk analysis enables an organization’s management to understand potential threats and determine the actions needed to reduce risk. Contact us if you would like to learn more about how YouThisMe can help your organization achieve HIPAA compliance with an information security risk analysis and risk management plan.