HIPAA Compliance

HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.

The use of health information technology is widespread, as more and more companies develop solutions that leverage health-related technologies. However, one of the greatest risks in these products is consumer privacy. The HIPAA and Health Information Technology for Economic and Clinical Health Act (HITECH)

HIPAA Audit Process

HIPAA compliance does not require any certification. Covered companies have to self-assess and implement practices to secure protected health information (PHI) under their control or custody. The HIPAA evaluation standard, § 164.308(a)(8), requires covered entities to perform a periodic technical and non-technical evaluation that establishes the extent to which an entity's security policies and procedures meet the security requirements. The evaluation can be performed internally by the covered company or by an external organization that provides evaluation or "certification" services. US HHS does not endorse or otherwise recognize any private organization's "certification" regarding the Security Rule.

Riskpro's Implementation Methodology for HIPAA

We create an implementation plan for a business associate located in India. Business associates have to comply with the Security Rule and the Breach Notification Rule. The Privacy Rule may apply depending on the business associate agreement (BAA) with the client (another BA or a covered entity).

A summary of the implementation steps is given below.
• Execute business associate agreements with the client
• Execute valid subcontractor agreements
• Comply with the Privacy Rule where applicable
• Perform a Security Rule risk analysis/assessment
• Implement Security Rule safeguards (administrative, physical and technical safeguards)
• Adopt written policies supporting the Security Rule
• Train employees
• Have an incident reporting and response procedure for security incidents and breaches
• Maintain required documentation: retain the documents required by the Security Rule for six years from each document's last effective date

HIPAA Certifications

The HIPAA Security Rule applies to all health plans, healthcare clearinghouses, and any healthcare provider who transmits protected health information (PHI) in electronic form (electronic protected health information, or ePHI). Therefore, any organization or person who works in or with the healthcare industry, or who has access to protected health information, is covered by HIPAA regulations. Being HIPAA certified is different from being HIPAA compliant.

HIPAA Domains

HIPAA compliance is essentially built around the following four sets of rules. These are structured very much like the familiar frameworks such as SOC and ISO.

The four main domains are:
• HIPAA Privacy Rule
• HIPAA Security Rule
• HIPAA Enforcement Rule
• HIPAA Breach Notification Rule

Contact for HIPAA-related audit, certification and training

For more information, please send an email to info@riskpro.in

Focus areas for HIPAA

Administrative Safeguards

Security Management Process
Assigned Security Responsibility
Workforce Security
Information Access Management
Security Awareness and Training
Security Incident Procedures
Contingency Plan
Business Associate Contracts and Other Arrangements

Physical Safeguards

Facility Access Controls
Workstation Use
Workstation Security
Device and Media Controls

Technical Safeguards

Access Control
Audit Controls
Person or Entity Authentication
Transmission Security

Organizational Requirements

Business Associate Contracts or Other Arrangements
Requirements for Group Health Plans

More Info:
Manoj Jain: 9833767114, manoj.jain@riskpro.in