PRESS RELEASE
Contact: Lorna Waggoner
Phone: 515.453.8247 x17
Email: Lorna.Waggoner@ecfirst.com
Website: www.ecfirst.com

Managed HIPAA and Security Compliance Service Launched
Meeting the Recurring Regulatory Requirements of HIPAA Privacy and Security

NEWPORT BEACH CA USA -- HEALTHCARE UPDATE NEWS SERVICE™ -- DECEMBER 15, 2006: ecfirst.com, home of the HIPAA Academy, introduces the industry's first and most comprehensive Managed Compliance Services Program for HIPAA. ecfirst.com is an Inc. 500 business and its HIPAA Academy certification and training program is exclusively endorsed by the American Hospital Association (AHA).

The Health Insurance Portability and Accountability Act (HIPAA) regulates the privacy and security of personal health information. HIPAA refers to this information as Protected Health Information (PHI). The legislation requires healthcare organizations to maintain compliance with reasonable and appropriate safeguards in several specific areas. On a regular schedule, healthcare organizations must:

  • Conduct a comprehensive and thorough risk analysis
  • Complete a Business Impact Analysis (BIA) for contingency planning and disaster recovery
  • Develop and update security policies and procedures
  • Train members of the workforce
  • Audit and evaluate the information infrastructure

The ecfirst.com Managed Compliance Services Program is tailored to meet HIPAA security and privacy compliance requirements. Key features of ecfirst.com's Managed Compliance Services are:

  • Bundled outsourced solution for a fixed monthly fee
  • Periodic performance of vulnerability assessments, security risk analysis, BIA and contingency planning
  • Training, certification and periodic audit and evaluation to keep your organization fully compliant at all times
  • Keeping you compliant with the regulatory requirements, to help you focus on the business of delivering exceptional patient care and services

Benefits of outsourcing HIPAA compliance include:

  • Minimizing productivity losses from unexpected downtime
  • Enabling staff to better focus on business-critical tasks and complying with key regulations within HIPAA
  • Depth in resource capabilities with trusted knowledge of client infrastructure
  • Smooth out volatility in resource demands and costs associated with managing information technology

"ecfirst.com's solutions are targeted to save time and provide expertise in addressing core HIPAA Privacy and Security compliance requirements on a recurring basis," said Uday Ali Pabrai, ecfirst.com chief executive and co-founder. "Hospitals, healthcare providers and business associates must maintain compliance with HIPAA requirements, enhance the security of the digital infrastructure, and maintain the integrity of all electronic protected health information (EPHI). The Managed Compliance Services Program for HIPAA is a cost effective way to address mandatory requirements."

Table 1 specifically identifies the HIPAA requirements addressed by the Managed Compliance Services Program.

| HIPAA Regulation | HIPAA Requirement | Managed Compliance Service |
|---|---|---|
| Risk Analysis 164.308(a)(1) | Conduct an accurate and thorough assessment of the potential risks to and vulnerabilities of the confidentiality, integrity and availability of the entity's electronic protected health information (EPHI). | On an annual basis we will conduct a thorough security vulnerability assessment followed by a comprehensive Risk Assessment highlighting the gaps and providing recommendations for remediation. |
| Assigned Security Responsibility 164.308(a)(2) | Covered entities must identify the security official who is responsible for the development and implementation of the Security Rule's required policies and procedures. | An interim security officer will be assigned to your organization to meet compliance requirements. Service is flexible and can be tailored to a few hours a week to a full-time on-site staff position. |
| Security Awareness and Training 164.308(a)(5) | Covered entities must implement a security awareness and training program for all members of the workforce. | Content will be provided for on-going training for HIPAA Security for all members of the workforce. Content can easily be tailored by your organization based on job role requirements defined. A limited number of IT professionals and managers will be provided with vouchers to attend the 4-day HIPAA certification program delivered nationally. On an annual basis, we will conduct an executive briefing for senior management covering topics like industry best practices, advancements in information security technologies and changes in legislation and accreditation standards. |
| Contingency Plan 164.308(a)(7) | Covered entities must establish policies and procedures for responding to an emergency. | On an annual basis we will conduct a business impact analysis and provide recommendations for Business Continuity / Disaster Recovery planning. |
| Evaluation 164.308(a)(8) | Covered entities must perform periodic evaluations to determine the extent to which the security policies and procedures meet the Rule's requirements. | On an annual basis we will evaluate the organization's state of compliance with the requirements of the HIPAA Security Rule. |
| Policies, Procedures and Documentation 164.316 | Covered entities must implement reasonable and appropriate policies and procedures to comply with standards and implementation specifications of the HIPAA Security Rule. | On an annual basis we will review existing policies and procedures and provide specific recommendations to update documentation based on changes to the organization's digital information infrastructure. |
| HIPAA Privacy Rule 45 CFR Parts 160, 162, and 164 | The Department of Health and Human Services (HHS) has issued the regulation, "Standards for Privacy of Individually Identifiable Health Information," applicable to entities covered by HIPAA. The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the privacy regulation. | On an annual basis we will review existing HIPAA Privacy policies and provide specific recommendations to update documentation. |

Table 1: Managed Compliance Services Program

ABOUT ecfirst.com:

ecfirst.com is a leader with rich hands-on experience delivering world-class security regulatory compliance solutions. The ecfirst.com Regulatory Compliance Practice delivers deep expertise with its full suite of services that include single sign-on, context management, contingency planning/Business Impact Analysis (BIA), vulnerability assessment, as well as managed compliance, security and IT infrastructure solutions.

ecfirst.com assists all types of organizations with their compliance initiatives for a secure information infrastructure that is compliant with the HIPAA regulation. ecfirst.com can help you with your HIPAA challenges and priorities. ecfirst.com solutions help your organization implement the security safeguards required as a result of the HIPAA legislation. ecfirst.com, an Inc. 500 business, serves a Who's Who client list that includes numerous hospitals, state and county governments, and hundreds of organizations. Talk to ecfirst.com and you will find an organization that is passionate about its services and devoted to its clients. Ask for a free copy of The Art of Information Security (limited to one per organization only).

For more information, please visit www.ecfirst.com.

ABOUT HIPAA ACADEMY:

HIPAA Academy delivers compliance solutions across the United States every day. Our deep knowledge of the HIPAA and Sarbanes-Oxley regulations is substantiated with hands-on experience implementing technical solutions in the healthcare industry. The HIPAA Academy introduced the industry's first, and today's leading, credentials for HIPAA skills certification: Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist (CHSS). HIPAA Academy training courses and certification exams are now available on-line. For more information, please visit www.hipaaacademy.net.