HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) requires the protection and confidential handling of protected health information (PHI), both in paper and electronic forms (ePHI). HIPAA rules apply to companies that store, process, or handle PHI.

Whether you are a covered entity or a business associate to a covered entity, Barnes Dennig can assist your organization in meeting these rules.  This process can ensure that your organization has implemented the appropriate safeguards to protect the PHI in your care.

We help clients with:

  • Risk Assessments
  • PHI Inventories
  • Data Security Analysis
  • Business Associate Program Management
  • Common Policies including:
    • HIPAA Policy
    • Information Security Policies and Procedures
    • Security Incident Response Plan
    • Vendor Management Policy
    • Risk Assessment Policy
    • Risk Management Policy
    • Employee Handbook – Security and Privacy Sections
    • HIPAA Awareness Handout
    • Privacy and Confidentiality Policy
    • Privacy Officer Profile
    • Security Officer Profile
    • Electronic Policy / Terms of Use
    • Personnel Hiring Checklist and Departure Checklist
    • Disaster Recovery Plan (DRP) / Business Continuity Plan

Ancillary Benefits

In addition to the need for compliance, our clients also see additional benefits to following HIPAA guidelines. Some say the compliance process can be like cleaning your garage. You may find all kinds of things that have been forgotten or things that are just getting in the way. So at the end of the day, in addition to being compliant, you have a garage without the clutter, or more precisely, a higher-functioning organization.

  • Cybersecurity benefits – the process of evaluating your infrastructure, people and processes can benefit your cybersecurity posture through tightening loose ends previously unnoticed.
  • Security training – any opportunity to remind your employees of the threats to data (your data and your patients’ data) can be valuable in the “human firewall” line of defense.
  • Data management – are there obsolete data in your live environment or your backups?  Removing that data may reduce your risk of exposing confidential information.  It may also save time and money in the future as data archives are moved or searched.  Now is a time to save what’s important and delete what’s not needed.
  • Compliance confidence – rather than sheepishly answering the question “are you HIPAA compliant?”, train your employees to answer the question with confidence. It may help put employees and patients at ease (or customers if you are a “business associate”) and help you set the tone for quality in all aspects of operations.
  • Privacy is good – demonstrating respect for privacy can set the tone in your culture that people matter.  Your employees and customers may see this as a sign that your organization is responsible and trustworthy.
  • Cyber insurance rates – we recommend contacting your insurance carrier during this process.  There may be key milestones that will enable your carrier to reduce your rates as you reduce your risk.