OUR HIPAA CAAS PROCESS
At Tampa Bay Compliance, we understand there are many ways an organization can fall short of HIPAA compliance. In fact, it can often be as simple as not knowing the requirements. The experts at Tampa Bay Compliance are poised to help with our multi-step HIPAA CAAS process.
STEP 1: GAP ASSESSMENT
To begin the HIPAA Compliance process, Tampa Bay Compliance performs an initial assessment through an interview and verification process. This creates a snapshot of your organization’s HIPAA/HITECH compliance to uncover the areas that are noncompliant. Our detailed gap assessment report outlines the issues and provides recommendations for achieving organizational compliance.
The gap assessment allows recipients to quickly see missing or incomplete items, undocumented policies and/or procedures, as well as inadequate security measures.
STEP 2: REMEDIATION
No organization is perfect. There will be issues, and plans of action must be put into place to close the compliance gaps identified in the gap assessment. Tampa Bay Compliance provides a detailed remediation plan at the end of the gap assessment. This allows your organization to determine where resources and budgetary planning are needed to achieve HIPAA compliance. Our remediation service includes 12 hours of onsite or offsite consulting and access to policy templates and procedures.
STEP 3: HIPAA RISK ASSESSMENT
At the end of the remediation period, Tampa Bay Compliance performs an independent risk assessment of your organization. Tampa Bay Compliance reviews your organization’s day-to-day activities, policies and procedures to identify any risks by following the same criteria as an Office for Civil Rights (OCR) auditor.
The risk assessment is required in the event of an OCR audit and can be used by internal management to help negotiate premium rates with insurance carriers.
STEP 4: HIPAA PRIVACY AND SECURITY TRAINING
Tampa Bay Compliance provides white-labeled PowerPoint training on HIPAA Privacy and Security that includes, but is not limited to, the following subjects:
- HIPAA Privacy Rule
- HIPAA Security Rule
- Incident Response and Breach Notification Overview
- Acceptable Use of the Organization’s Computing Devices
- Access Control
- Workforce Security
STEP 5: QUARTERLY COMPLIANCE REVIEW
Each quarter, Tampa Bay Compliance provides an in-depth review of the changes that have been implemented throughout your organization. This can include changes in compliance posture, services and/or the IT infrastructure. We also provide a summary of the review, and when applicable, a list of the gaps and recommendations for remediation.
STEP 6: ANNUAL RISK ASSESSMENTS
Tampa Bay Compliance follows security best practices and recommends conducting an annual risk assessment*. The deliverable is similar to that of the first HIPAA risk assessment, but with fewer or no gaps in your organization’s compliance posture.
*Note: PCI requires an annual risk assessment
Has your organization completed a HIPAA risk assessment in the last 12 months?
The introduction and rapid adoption of electronic forms of protected health information (PHI) has changed HIPAA compliance significantly over the past few years. How entities and business associates conduct a proper risk assessment is a critical aspect of HIPAA compliance. Contact Us Now for a FREE 30-Minute HIPAA Compliance Review.