HIPAA Compliance Software
The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, set forth industry standards for the handling of protected health information (PHI). The Department of Health and Human Services (HHS) defines PHI as any individually identifiable health information, classified into 18 HIPAA identifiers. PHI can include name, date of birth, address, financial information, health information, etc. Physical, technical, and administrative safeguards must be in place to secure PHI. HIPAA law can be confusing to navigate, as it does not clearly state what organizations need to have in place to be HIPAA compliant. Using HIPAA compliance software streamlines the process of becoming HIPAA compliant.
Compliancy Group’s HIPAA Compliance Software
Good HIPAA compliance software encompasses all that is required by law in one easy solution. Compliancy Group’s cloud-based software, the Guard™, is a total HIPAA compliance software that simplifies HIPAA compliance. Using the Guard, clients go through the process of HIPAA compliance guided by Compliance Coaches™. Compliancy Group is the only organization that offers guided support throughout the entire HIPAA compliance implementation process. Compliance Coaches facilitate implementation through 5 to 8 sessions of 30 minutes each. They are also available to answer any questions that may come up between sessions.
These sessions walk clients through:
- Six required self-audits: the HHS requires covered entities (CEs) to complete six self-audits annually. Business associates (BAs) are required to complete five annual audits. A business associate is a vendor that is hired by a covered entity to perform a service. The required audits are as follows:
  - Security risk assessment
  - Security standards audit
  - Asset & device audit
  - Physical site audit
  - HITECH subtitle D audit
  - Privacy assessment (not required for BAs)
- Gap identification & remediation plans: completing the self-audits allows gaps in physical, technical, and administrative safeguards to be identified. Remediation plans are then created: written plans describing how the identified gaps will be closed.
- Developing customized policies and procedures: policies and procedures must be created in relation to how PHI is maintained, received, and transmitted. Policies and procedures are required to be written and periodically updated to account for any changes to business practices. In addition, they must be specific to the organization so that they are relevant to it.
- Employee training & attestation: employees are required to be trained annually on an organization’s policies and procedures, and HIPAA requirements. The HHS requires employee training to be documented. Compliancy Group’s HIPAA compliance software, the Guard, has means for individual employee tracking, enabling organizations to monitor an employee’s progress. In addition, employees are able to legally attest that they have read and understood HIPAA requirements and the organization’s policies and procedures.
- Business associate management: before choosing a business associate, healthcare organizations must vet their vendors. Using the Guard, clients are able to send their vendors self-audits that will identify the business associate’s gaps. BAs must agree to close those gaps with remediation plans to be HIPAA compliant. Additionally, business associate agreements (BAAs), which the Guard provides, are required to be signed between parties before any PHI can be shared. A BAA limits the liability for both parties if a breach should occur, as it states that both parties are HIPAA compliant and are responsible for their own compliance. A BAA also determines who is responsible for reporting a breach, should one occur. Without a signed BAA and adequate vendor vetting, both parties will be held accountable.
- Incident response: as part of the HIPAA regulation, healthcare organizations must report breaches. Employees must be able to report breaches anonymously, a feature of the Guard. In the event of a HIPAA audit, organizations must be able to provide documentation that they have everything in place required by the law. The Guard documents everything necessary to prove an organization’s “good faith effort” towards HIPAA compliance.
Would You Like to Achieve HIPAA Compliance with HIPAA Compliance Software?
We’ve vetted numerous HIPAA software applications and found Compliancy Group and their Compliance Coaches are best equipped to help guide you through the regulation!