To demonstrate compliance if audited or the subject of a breach investigation, an organization must:
Regardless of size, an organization must have a HIPAA security and privacy official who manages the compliance program.
Costs for HIPAA compliance packages vary with the organization and the types of services required to meet regulatory requirements. Before providing a quote, we typically send out a questionnaire to see what compliance measures the organization already has in place. This helps us determine what still needs to be put in place and the associated costs.
We also offer a basic package of HIPAA services starting at $1850 that includes policy and procedure templates, a security risk assessment, and access to web-based HIPAA training.
For a free, initial consultation, please contact us today.
Regardless of the size of the practice, dental offices are required to follow all HIPAA Security and Privacy Rule requirements. This includes:
HITECH is the acronym for the Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, which was signed into law in February 2009. It promotes the adoption and meaningful use of health information technology.
The HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, partly through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
The final HIPAA Omnibus Rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.
A covered entity is any provider of medical, dental, or other healthcare services or supplies that transmits protected health information in electronic form in connection with a standard transaction such as a claim. Health plans and healthcare clearinghouses (including pharmacies and other organizations that perform electronic health care billing functions) are also covered entities.
If your organization files any insurance claims electronically, including reimbursement from CMS for Medicare and Medicaid services, you are considered a covered entity.
With certain exceptions, a business associate is a person or business that creates, receives, maintains, stores, or transmits PHI for a function or activity for a covered entity.
Examples of business associates are: IT services; billing and coding companies; cloud storage providers; web site hosting companies that maintain any patient health questionnaires; and legal, actuarial, accounting, consulting, data collection and analysis, management, administrative, accreditation, or financial services.
Under HIPAA, a Business Associate Agreement, commonly known as a “BAA,” is a contract between a covered entity and a designated business associate. The agreement requires the business associate to safeguard any protected health information it creates, receives, maintains, or transmits in accordance with the HIPAA regulations.
A BAA must explicitly define how a business associate will report and respond to a data breach, including breaches that are caused by a business associate's subcontractors.
With certain exceptions, a breach is the acquisition, access, use, or disclosure of PHI in a manner not permitted under the Privacy Rule which compromises the security or privacy of the PHI.
In practical terms, a data breach is a release of unsecured PHI/PII to an unauthorized party or into an insecure environment, whether intentional or unintentional.
Closely related, and broader, is a security incident as defined by the Security Rule: any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information, or interference with system operations in an information system. Every breach is a security incident, but not every security incident (for example, a blocked intrusion attempt) rises to the level of a reportable breach.
Protected health information (PHI) is individually identifiable health information that is:
HIPAA lists 18 specific identifiers that make health information individually identifiable, including patient names, addresses, Social Security numbers, email addresses, biometric identifiers such as fingerprints, and full-face photographic images.
Electronic protected health information (ePHI) refers to any protected health information (PHI) that is covered under HIPAA privacy and security regulations and is produced, saved, transferred, or received in an electronic form.
The HIPAA Security Rule requires covered entities and business associates to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting ePHI.
Colington Consulting operates the website cchipaa.com, which provides HIPAA compliance services. This page informs website visitors of our policies regarding the collection, use, and disclosure of personal information. If you choose to visit our website, you agree to the collection and use of information in accordance with this policy. Personal information is collected primarily when you submit a contact form. Given the confidential nature of providing HIPAA compliance services, we will not use your information for any other purpose or share it with anyone.
Information Collection and Use
When completing a contact form, we may require you to provide certain personally identifiable information, including your name, email address, and a message regarding potential compliance services. The information we collect is used to contact you and respond to your inquiry for services.
Whenever you visit our website, we collect information that your browser sends to us, called Log Data. This Log Data may include your computer's Internet Protocol (“IP”) address, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
Cookies are files containing a small amount of data that is commonly used as an anonymous unique identifier. They are sent to your browser from the website you visit and are stored on your computer's hard drive.
Our website uses these “cookies” to collect information and to improve our Service. You have the option to accept or refuse these cookies, and to know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.
We may employ third-party companies and individuals due to the following reasons:
These third parties may have access to your personal information, but only in order to perform the tasks assigned to them on our behalf. They are obligated not to disclose or use the information for any other purpose.
We value your trust in providing us your personal information, and we strive to use commercially acceptable means of protecting it. Remember, however, that no method of transmission over the internet or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
Links to Other Sites
Given the nature of the compliance services we provide, our website does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If we discover that a child under 13 has provided us with personal information, we immediately delete it from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we can take the necessary action.