Here at Compass, we have seen a huge upswing in the number of HIPAA / HITECH risk assessments we have been conducting over the last year. Covered entities (doctors, hospitals, pharmacies) and health plans are obviously storing PHI (protected health information) and ePHI (electronic protected health information) on behalf of patients; however, there has been a huge upswing in assessments around “Business Associates”. According to the Health and Human Services website, a business associate is defined as “a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity”. Because of the outsourcing of everything from IT support to call center management, many companies now encounter both PHI and ePHI as part of their jobs, and clients are asking that they go through a HIPAA risk assessment.
During these assessments, we look at how the organization stores, processes, accesses, and uses data. We sit down and go over the steps and best practices for becoming HIPAA compliant. However, there are several areas in which we consistently see gaps. The following are five areas to avoid (or correct, if you recognize them in your company) if you are looking to be HIPAA compliant:
Achieving HIPAA compliance involves quite a bit of effort and hard work to ensure that information is protected and that staff understand how and why certain actions must be taken. Closing the gaps in these areas will not only help you on your way; these are all excellent general security practices as well!
For more information on how Compass can assist your organization with HIPAA Compliance, please contact us or download our HIPAA Services brochure below! Also, feel free to drop us a question or comment on how you handle HIPAA Compliance at your organization in the comment section below!