Healthcare organizations in the United States must comply with the HIPAA (Health Insurance Portability and Accountability Act) Privacy and Security Rule or face serious consequences. If your business is a health care provider, health insurance plan provider, employer group health plan provider, or if you work with any of these entities you are required to comply with HIPAA.

In order to fully comply with the HIPAA Privacy and Security Rule your organization must develop and adhere to stringent compliance requirements to ensure there is no unlawful disclosure of PHI (patient health information) or unlawful access to PHI by unauthorized entities.

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act. The HHS (Health and Human Services) published a final Privacy Rule in December of 2000, which was later modified in August of 2002. This Rule sets national standards for the protection of individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically. HIPAA covers any entity that deals with PHI (personal health information) and their business associates (if you aren’t sure if you are covered we highly recommend you speak with a qualified attorney). Within HIPAA is a cybersecurity rule mandating that organizations put in place protocols to protect sensitive health information.

The HIPAA Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI (Electronic – Personal Health Information).

PHI stands for Personal Health Information, or e-PHI which covers electronic records, and consists of any information which can be used to identify an individual or their medical treatment. Some examples of PHI include:

  • Admissions Records
  • Prescription Records
  • Insurance Records
  • Medical Appointment Information
  • Medical History

Specifically, covered entities must:

  1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
  2. Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  3. Protect against reasonably anticipated, impermissible uses or disclosures; and
  4. Ensure compliance by their workforce.

To meet these requirements, HIPAA lays out a set of safeguards you must meet. These include controls that are divided into the following groups:

  • Risk Analysis and Management
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Required and Addressable Implementation Specifications
  • Organizational Requirements
  • Policies and Procedures and Documentation Requirements

Touchstone Security is a different kind of HIPAA Compliance Consulting partner. We will work with you to create a flexible, streamlined cybersecurity program that integrates directly with your business and provides concrete, measurable security. Our team has experience designing, implementing, and managing cybersecurity compliance programs for dozens of Fortune 500 companies, government agencies, and businesses around the world.

Get a free 60-minute compliance evaluation with a senior-level CISO

Who Needs HIPAA Compliance Consulting Services?

If your organization works with PHI or e-PHI or works with any organization that deals with PHI you may be required to comply with the HIPAA security rules and regulations. These organizations are called “covered entities” and business associates. This means that even if you do not deal directly with PHI, but work with an organization that does, you too are required to comply with the HIPAA security rule or face serious consequences. The Privacy and Security Rule is a complex, lengthy document that requires both legal, regulatory, and cybersecurity professionals to manage and implement. You need a trusted cybersecurity and HIPAA compliance expert to walk you through the myriad compliance requirements and help your organization avoid a costly breach or violation.

Touchstone was amazing to work with! We had some issues with our systems and integration of new programs. We felt that the security of our systems was not up to the best standards. The CEO, Richard Shinnick, personally came over and evaluated our systems. He was able to pinpoint the holes in our systems immediately and fix any potential issues before they ever happened. One of the best IT Firms I have ever worked with. Thank you Touchstone!

Ameen Nassiri, SPS Worldwide LLC

Rich and his team are remarkable. While at Columbia University Teachers College, they helped us plan/implement several large scale projects including ubiquitous wireless deployment and a firewall implementation. Rich has an extensive IT background and is an all around great guy to work with. I recommended that we bring his team in at St. John’s as well. They were able to come in, assess the situation, and provide the same fantastic results. I highly recommend Rich and his team.

Elise Lowenstein, Columbia University

Rich brings solid IT security experience along with immense integrity in the work he has performed for IntegraMed. All of his projects were completed on time and within budget. His track record of delivering reliable concept to reality projects under the pressures of a high availability and heavily compliant environments precedes him. I endorse Rich personally and professionally and look forward to working with him again on future projects.

Vijay Reddy, IntegraMed America

Rich is deeply technical and very thorough, but most of all he is a very honest person. He can make any technical jargon simply to understand in layman terms and help you understand what he is proposing so all know the benefits that is being recommended and implemented. I would work with Richard again on any project initiative that I maybe involved in the future.

Clive Fernando, PNC

We needed a security sharpshooter to assist with responding to the stringent requirements of a major academic healthcare system based on a comprehensive audit of our platform. Touchstone expertly facilitated our response and created the missing programs and policies necessary to satisfy our needs.

Kenny Schiff, Caresight, Inc.

Touchstone Security specialists completely blew away our most experienced and technically strong managers and some of our best people in infrastructure and security. Richard was in their words “a perfect 10.” He not only addressed the issues we asked him to look at but identified other areas of improvement in our security posture. Our team rated them “a perfect 10”!

Michael Ferranti, BuyerGenomics

What is a HIPAA Compliance Breach?

The HIPAA Breach Notification Rule also requires covered entities and their business associates to provide notification following a breach of unsecured protected health information. A breach is considered an ina[prpriate use or disclosure under the HIPAA Privacy Rule that compromises the security or privacy of PHI or e-PHI. Consequently, if your business does not disclose a breach you may face serious fines and financial penalties for a breach of PHI.

Touchstone Security is Your HIPAA Consulting Services Partner

Touchstone Security can help your organization with HIPAA compliance services by providing world-class HIPAA Consulting Services to organizations in New York, New Jersey, and the surrounding areas. Touchstone Security brings decades of IT and cybersecurity experience to each HIPAA Consulting Services engagement. Our team has implemented sophisticated IT programs for numerous Fortune 100 companies, U.S. Government agencies, and organizations working with PHI, PII, and those with compliance requirements.

Touchstone Security offers:

  • HIPAA Security Policies and Procedures
  • HIPAA Privacy Policies
  • Additional Security Software
  • End-User Training
  • Additional Security Procedures
  • Vulnerability remediation
  • Advanced Auditing and monitoring of your Privacy Program
  • Risk assessment
  • Privacy Program updates to comply with laws, rules, and regulations
  • Breach reporting for clients

Our information security experts can help you identify areas where you may be non-compliant and develop a set of security controls to help meet regulatory compliance. We conduct a thorough assessment of your data processing activities, your security program, and your company’s risk management. If there are areas where your data security can be optimized to meet compliance, we help you figure out how to do that. We can perform a comprehensive privacy impact assessment and outline a strategy to enact security measures that align with HIPAA requirements.

Why choose Touchstone HIPAA Compliance Services?

Ensuring that your organization is HIPAA compliant is not only important for data security and privacy protection but it is also important to protect yourself from potentially hefty fines and penalties that come from a breach or other HIPAA violation. Touchstone is here to help you understand how the HIPAA Compliance can integrate with your business. We can help you design a roadmap to meet HIPAA compliance and avoid incurring lofty fines from non-compliance.

Non-compliance can be costly, and HIPAA requirements can be complicated. Touchstone is here to help your business navigate the compliance requirements. Contact us today to find out how we can help you understand and meet HIPAA compliance.

Disclosure: in no way is this document to be considered legal advice, as this is our best attempt at interpreting the HIPAA Hi-Tech security rule. Always seek legal counsel when in doubt.

Get a free 60-minute compliance evaluation with a senior-level CISO