One of the areas we review on all audits and assessments of the HIPAA Security Rule is HIPAA’s requirements concerning contingency plans.
In a press release dated December 17, 2015, the AICPA announced that it had collaborated with the Health Information Trust Alliance (HITRUST) to develop an illustrative SOC 2 report useful to health care industry service organizations that must demonstrate compliance with HIPAA’s security requirements.
Linford & Company offers two types of reports that address security, the SOC 2 Security report and the AT 601 HIPAA Security report.
Entities seeking to demonstrate Health Insurance Portability and Accountability Act (HIPAA) compliance to their customers and potential customers have several options available.
The EU General Data Protection Regulation, or “GDPR” as it’s called, is expected to become law in late 2015 or early 2016. It is meant to modernize the personal data protection rules across the EU’s 28 member countries. Reportedly, it will address current topics like social networking, cloud services, globalization, and much more.
Under the Patient Protection and Affordable Care Act (the “ACA”), health insurance marketplaces have been set up to facilitate the purchase of health insurance in each state.
The ever-growing emphasis on governance, risk management, and compliance has driven companies to focus on internal controls over all aspects of their operations.
The short answer is “No,” but as one of the many areas in HIPAA that are not crystal clear, “it depends” and judgment is involved. I’ll draw from an HHS Office of Civil Rights publication in providing the long answer. The Privacy Rule allows covered entities to communicate electronic protected health information or “ePHI” electronically, […]
The modifications to HIPAA known as the “HIPAA Omnibus Rule” became effective March 26, 2013, and covered entities and business associates were given about 6 months to get in compliance.
The HIPAA Security Rule places so much emphasis on the importance of “Risk Analysis,” that it was positioned front-and-center as the first requirement in the first section of HIPAA – the Administrative Safeguards. Yet, as we do HIPAA compliance gap assessments for organizations, it is rare to find that a formal IT Risk Assessment has […]