HIPAA Security Compliance Services
Did you recently receive notification from your DSRIP or BHCC that you weren’t compliant with the HIPAA Security Rule based on a risk assessment? Do you have extensive remediation to complete quickly? Or, do you need a risk assessment completed, or possibly other security-related services? Do you need help with your security policies and procedures? We'll help you with HIPAA compliance
You are not alone. We’ve been working with HIPAA since 2003 and have found that many CBOs, County Mental Health Clinics, and even many inpatient providers are not compliant, especially with the HIPAA Security Rule (45 CFR 160, 162, 164). Although compliance with the privacy rule received a great deal of attention, compliance with the HIPAA Security Rule seems to have been missed by most IT Departments and many providers. I’m not sure why, but communications between IT and the Covered Entities they support seem to have broken down over the HIPAA Security Rule, for which compliance has been mandatory since 2005. The result is that many organizations that think they are compliant are actually not compliant at all.
The good news is you can fix it pretty easily and we have developed great processes for compliance over the last 15 years.
What we do
We work with your management, IT staff, and compliance staff to create a complete plan that will get you where you need to be quickly. The outcome is a set of security policies and procedures that are 45 CFR compliant and integrated with your organization’s unique business processes and culture. We can generally deliver a complete outcome within a few weeks for smaller organizations.
HIPAA For County Governments
We also work with county governments to bring the entire organization up to HIPAA Security Rule standards since many county departments such as Mental Health, Public Health, and Social Services must be compliant. If your county department is a covered entity and shares an IT infrastructure with other county departments, this is an option you should seriously consider. We’ll be glad to talk with your county commissioners, executives and managers about this option.
Give us a call today at 607.731.4097 to discuss HIPAA for your behavioral health organization or county mental health clinic. Schedule a meeting using one of the buttons below. Schedule a meeting e-mail us
For more background, read Jeff’s articles on HIPAA
- Risk assessments for local governments and SMBs. CIO.com, May 2017.
- HIPAA as an umbrella for county/municipal cybersecurity. CIO.com, April 2017.
- County and municipal cybersecurity – Part 2. CIO.com, April 2017.
- County and municipal cybersecurity – Part 1. CIO.com, March 2017.
- May I see your comprehensive security policy please? CIO.com, October 2016.
- The ACA and the death of medical privacy. CIO.com, August 2016.
- Why should county commissioners and executives care about HIPAA? Careers in Government, February 2018.