Current State Assessment > Perform Gap Analysis > Create Remediation Strategy
HIPAA enforcement had historically originated from individual complaints and whistleblowing. The HITECH Act's breach notification rule changed the playing field altogether by requiring notification of privacy and security breaches involving Protected Health Information (PHI). Because a breach can now be brought into the public spotlight, organizations that handle PHI are prompted to take concrete steps to protect it.
Corpnet Consulting advocates a risk-based approach to HIPAA/HITECH compliance. Because the approach is governed by leading practices for effective risk management, it enables an organization to respond to more than a single set of compliance requirements, and decisions are made in light of the actual risks to the organization rather than to satisfy a checkbox.
If performed effectively, a risk-based path to HIPAA/HITECH compliance is more manageable, inherently scalable, and aligned with the business. This provides a business justification for compliance and a measurable return on investment.
Corpnet Consulting is uniquely positioned to provide our clients with experienced healthcare security and privacy professionals who offer guidance on HIPAA/HITECH compliance. Though each client situation is unique, the most common steps are as follows:
- Accurately define scope by identifying the applicable state and federal healthcare legislation
- If necessary, work with our client to establish a formal governance structure around HIPAA/HITECH compliance
- Perform (or leverage results from) risk assessments, map data flows, and determine the service environments in scope
- Benchmark the current state of security and privacy controls against HIPAA/HITECH requirements for control effectiveness, using the HITRUST Alliance's Common Security Framework (CSF)
- Identify gaps and hold strategy workshops to facilitate risk-based decision making for remediation. This may include adjustments to sourcing strategies and implementation of new capabilities to reduce the risk of non-compliance
- Create a clear and concise roadmap with timelines and milestones
- Work hand in hand with our clients on improvement and remediation initiatives
- Coordinate communications with internal teams, as well as external entities as needed
- Establish processes for continual review of security and privacy controls to maintain ongoing compliance with HIPAA/HITECH requirements