Health Care

We offer our Health Care Clients solutions to prevent losses in patients and fines related to an ever increasing amount of HIPAA regulations in New York.  We help our healthcare clients navigate the complicated issues they are face with today.  These include healthcare clients in the following areas:

  • Hospitals,
  • Urgent Care Clinics
  • Dental Offices
  • Nursing Homes
  • Behavioral Health Facilities
  • Diagnostic Labs
  • Pharmacies

In addition to the above so-called “Covered Entities” there is an estimated 2,000,000 additional “HIPAA Business Associates” that are exposed – or have access to — protected information making them also subject to HIPAA regulations. A HIPAA Business associate is any of the following types of businesses that has one or more Covered Entities as a customer or client:

  • IT Service Providers
  • Shredding Companies
  • Documents Storage Companies
  • Attorneys
  • Accountants
  • Collection Agencies
  • EMR companies
  • Data Centers, Online Backup companies, Cloud vendors
  • Insurance Agents
  • Revenue Cycle Management vendors
  • Contract Transcriptionists

EVERY Business Associate, and all of their sub-contractors, must have proof of a Risk Analysis under the law. Even if they wanted to, most of these organizations do not have the staff, resources or expertise to do it themselves.

Our HIPAA Risk Assessment:

Audits and investigations require evidence that compliant tasks have been carried out and completed.  Documentation must be kept for six years. The Evidence of Compliance includes log-in files, patch analysis, user & computer information, and other source material to support your compliance activities. When all is said and done, the proof to proper documentation is accessibility and the detail to satisfy an auditor or investigator included in this report.

  • Pinpoints the organization’s threats and vulnerabilities
  • Identifies the controls and protections in place and any gaps
  • Calculate risk ratings and where the organization should focus its remediation efforts
  • Prioritizes the controls needed to protect highly sensitive ePHI
  • Includes a Findings, Observations and Recommendations Report

We implement procedures that are designed to allow authorized access and deny unauthorized access, to and within facilities, to limit access to devices that can access or store ePHI. For more information, click here.