HIPAA Compliance

While HIPAA/HITECH may be a boon to the security of healthcare information, they also throw up a number of challenges for covered entities in the form of costs, tracking regulatory changes, extensive documentation, need for an enterprise-wide approach towards compliance management and many other challenges. To implement HIPAA requirements, a clear understanding of organizational risks and vulnerabilities is required. A siloed, ad hoc approach is not only inefficient but ineffective.

The Health Insurance Portability and Accountability Act (HIPAA) - Title II sets national standards for electronic health care transactions. The regulation requires security and privacy of health data during electronic data interchange in health care system.

Companies providing health care plan, acting as clearing house for health plan or delivering health care services are identified as "Covered Entities" under the HIPAA regulation. Covered entities have to follow 45 CFR §160, §162, and §164 rules to be HIPAA complaint and have to ensure that their IT systems follow Privacy and Security rules in the regulation. The IT systems have to ensure privacy and security rule of protected health information (PHI) during transmission and maintenance of health information through electronic media.

MetricStream Solution for HIPAA Compliance

• Implement popular IT governance frameworks for confidentiality, integrity, and availability of electronic protected health information
• Comply with Privacy and Security HIPAA rule (45 CFR § 164.304) by adopting control based architecture for administrative, physical and technical safeguards
  • Understand and define the information risk universe for PHI
  • Determine confidentiality, integrity, and availability requirements of PHI
  • Define and implement required controls
  • Develop enforcement, monitoring, and response mechanisms of controls through risk assessment, auditing and incident management
• Generate reports for HIPAA compliance
• Achieve cost saving and achieve efficiency in IT GRC program by easily integrating with emerging frameworks and regulations in common GRC platform
  • The Health Information Trust Alliance (HITRUST CSF)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • American Recovery and Reinvestment Act of 2009 (ARRA).

Downloads

• Solution Brief: HIPAA/HITECH Compliance
• Solution Brief: IT GRC - Enhancing Technology Capabilities
• Insight: IT BCP and DR
• Insight: New Compliance Challenges for the Healthcare Industry

Featured

Recorded Webinar: Are You Prepared for HIPAA Audits?
Expert Speaker: Jim Sheldon-Dean
Founder and Director of compliance services at
Lewis Creek Systems, LLC

Analyst Research

Access a complimentary copy of Gartner Magic Quadrant for Enterprise Governance, Risk & Compliance Platforms, 2011 to get an up-to-date view of the GRC platform landscape.
July 2011 | Read Report

Download a complimentary copy of The Forrester Wave™: Enterprise Governance, Risk, And Compliance Platforms, Q4 2011

November 2011 | Download Report