SOC reports for HIPAA
The 2013 Omnibus Rule is the biggest change to HIPAA/HITECH since the original act of 1996. With breaches listed on the HHS "Wall of Shame" and penalties of up to 1.5 million dollars for Covered Entities and Business Associates, HIPAA compliance is at the top of the agenda for many organizations.
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) called for the establishment of standards and requirements for transmitting certain health information to improve the efficiency and effectiveness of the health care system while protecting patient privacy.
The HITECH Act and HIPAA also introduce a host of new regulations to safeguard the security and privacy of ePHI (electronic Protected Health Information). These regulations set standards for the security and privacy of all medical records and all individually identifiable health information, and for the security of PHI/ePHI.
To be compliant, a Covered Entity or Business Associate must implement policies, procedures, and controls to secure its PHI/ePHI records, and must meet the requirements of the HIPAA Security Rule, the HIPAA Privacy Rule, and the HIPAA Breach Notification Rule.
Each entity must also respect the rights of patients or face fines, penalties and possible jail time for non-compliance.
Assurance Services for HIPAA compliance:
- HIPAA breach remediation
- Incident management framework implementation
- Risk Assessment and Gap Analysis of your current environment against HIPAA requirements
- Risk Mitigation and implementation of controls specific to People, Process and Technology
- HIPAA Assurance with AICPA SOC 2
- AICPA SOC 2 attestation for HIPAA Privacy Compliance
- Governance and Privacy Maturity Model