- Assisting a hospital with administrative simplification compliance. We assisted in evaluating a hospital’s compliance with the Administrative Simplification subsection of HIPAA. The objective of this engagement was to assess the organization’s compliance with the draft security and privacy standards and the final transaction standards, as well as to create recommendations and an associated plan for achieving HIPAA compliance. Our work resulted in: (1) senior management and key operating committees being educated about the requirements under HIPAA; (2) an organizational structure to guide the hospital’s HIPAA compliance efforts; (3) a high-level assessment of the client’s initial compliance with all applicable HIPAA standards; and (4) a preliminary plan to address compliance deficiencies determined during the assessment.
- Providing assistance to two county governments in HIPAA assessments and risk prioritization. We assisted two county governments with designing and coordinating HIPAA compliance efforts for their Public Health and Health and Human Services Divisions. Our efforts include: (1) providing initial education on HIPAA’s requirements to management and staff; (2) designing assessment tools and coordinating client staff in their use for conducting gap analyses; (3) assessing the relative risk and priority for addressing gaps discovered; (4) identifying areas where remediation is required to become compliant; and (5) creating implementation plans to guide the remediation efforts.
- Assisting an integrated delivery system with privacy and physical security compliance. We assisted a large integrated healthcare organization with assessing areas of noncompliance related to HIPAA’s privacy and physical security requirements within the hospital and physician practice entities. We helped the client “fast track” its resolution of compliance gaps within these HIPAA regulations by identifying areas to review that were representative of the facilities and services provided throughout the organization. We surveyed a sampling of these areas to identify common compliance gaps for which the client will develop remediation strategies to apply throughout. Our work involved: (1) creating survey tools (checklists, interview guides, and presurvey questionnaires) for use in conducting the assessment; (2) training internal staff on the use of those tools; (3) conducting assessments in conjunction with client staff; and (4) assessing the relative compliance risk that each gap represented.
- Identifying HIPAA compliance gaps for a hospital system. We assisted the Information Services (IS) Department of a hospital system in assessing the privacy, security, and transaction and code set gaps within its departmental operations, as well as within areas of the organization where its services are heavily used (e.g., revenue cycle services such as claims submission). Our efforts involved: (1) creating assessment tools to assist IS staff in identifying compliance gaps; (2) analyzing gaps discovered and assessing the compliance risk they represent to IS and the larger organization; and (3) recommending areas for which IS management should budget funds required to remediate high-risk and high-priority gaps.