The Health Insurance Portability and Accountability Act (HIPAA) is a regulatory act created by the US Congress in 1996 to set standards for the security and privacy of protected health information (PHI) and for its lawful use and disclosure.
The HIPAA regulation is made up of a number of rules, as shown in the diagram below:
HIPAA identifies two types of organizations that must comply with its rules:
- Covered entities: Any organization that collects, creates, or transmits PHI electronically.
- Business Associates: Any organization that encounters PHI in any way over the course of work that it has been contracted to perform on behalf of a covered entity.
HITRUST is an organization that helps achieve HIPAA compliance through its Common Security Framework (CSF), which comprises Administrative, Physical and Technical requirements.
ValueMentor helps organizations achieve HIPAA compliance by implementing the HITRUST CSF in a phased approach:
We help organizations understand their in-scope environment by identifying the PHI lifecycle (capture, processing, transmission, storage and disposal) in order to map it against the HIPAA rules. Based on this understanding, a suitable analysis plan is created, with associated responsibilities and activity timelines clearly defined.
Within the defined scope, we assess the security controls the organization currently has in place to protect PHI against the HITRUST CSF requirements (Administrative, Physical and Technical), and communicate the findings together with the associated risks and areas for improvement. A target security posture is then defined that is in line with the organization's business requirements.
Based on the gaps and areas for improvement identified during the analysis phase, we help design and develop an appropriate information security governance program that is mindful of the many layers of stakeholders involved in your organization's security. We develop the appropriate policies and procedures, along with the required technical controls, and plan the periodic internal reviews needed to achieve and maintain your target framework profile. We help bridge the gap between your new security controls and their day-to-day operation by training, educating, and offering hands-on implementation support to your biggest source of security risk: the people, including end users, IT users, and senior management.
We help organizations maintain their security posture by defining suitable control monitoring metrics and conducting periodic internal audits. This enables organizations to keep track of their cyber risks and to monitor the effectiveness of the security controls put in place to protect PHI.
Why choose ValueMentor?
- A team of seasoned consultants experienced in working with the health care industry.
- Expertise in implementing the HITRUST CSF at 10+ health care organizations (including health care providers and insurance companies).
- A proven record of supporting clients in meeting their security and privacy requirements while handling PHI, regardless of business or operational challenges.
- Ability to provide vendor-agnostic solutions.