Health IT or Health Information Technology is the area of IT involving the design, development, creation, use and maintenance of information systems for the healthcare industry.
Persons that are HIPAA Certified, Health IT Certified, HL7, Security, Compliance and Regulatory Certified.
Current holder of Errors & Omissions Insurance specifying HIPAA Liability Coverage. A working knowledge of standard Medical Equipment and its interfaces with Electronic Medical Records. Membership in Healthcare Industry related organizations like HIMSS & AHIMA. 10+ Years in the Industry and a willingness to work during AND after the operating hours of your Practice.
Performing a Risk Assessment is REQUIRED by HIPAA Regulations and is the first step in finding out what needs to be addressed first to avoid exposing your Practice to risk.
A Business Associate Agreement or BAA is REQUIRED by Law to begin with, and then, depending on what additional services they will be performing, a Non-Disclosure and Managed Services Agreement may be required.
This HIPAA-mandated agreement is a contract between Covered Entities, their vendors and their vendors' subcontractors. The contract should stipulate that the Business Associate (BA) or their subcontractor must implement appropriate administrative, technical and physical safeguards to ensure the confidentiality, integrity, and availability of ePHI and meet the requirements of the HIPAA Security Rule. Some of those measures may be stated in the BAA or it may be left to the discretion of the BA. The BAA should also include situations where allowable uses and disclosures of PHI will conform to the requirements of the HIPAA Privacy Rule.
Generally, having controls, countermeasures and procedures in place to assure the appropriate protection of information assets and to control access to that private health information.
Many of the Practices and Healthcare Professionals we work with think HIPAA Compliance is difficult and expensive to achieve. It's a little-known fact that while CMS would like you to be fully compliant, it does recognize and reward Practices that are consistently improving compliance measures and continuing to meet the goals of their Risk Assessments within their budget.
We offer four different service packages that represent the journey to HIPAA compliance: from just getting started, then becoming proactive against threats, to finally being fully HIPAA compliant and presenting a "defense-in-depth" strategy to thwart physical and cyber-based attacks.