Meet the HIPAA Requirements with Year-round Compliance
Staying HIPAA compliant while abiding by state laws is a complex and time-consuming process. Furthermore, this annual drill adds more to an already busy IT organization.
Avertium’s HIPAA Certification Program (HCP) is designed to meet the needs of compliance and IT executives alike. HCP benefits all companies that process and manage patient health information by providing a cost-effective way to stay on top of the HIPAA Security, Privacy and Breach Notification Rules throughout the year.
Who Must Be HIPAA Compliant?
Congress mandated the establishment of Federal standards to ensure the confidentiality and the privacy of protected health information (PHI). The comprehensive controls enforced by the Office of Civil Rights apply to the following types of organizations:
Hardware, software, application providers, data management, technical support and consulting services, etc.
Pharmaceuticals, biotech, medical devices and non-allopathic treatments
The Department of Health and Human Services maintains the website that posts all HIPAA data breaches affecting more than 500 individuals per breach. A breach can cost an organization not only in penalties and fines, but also damage to its reputation and customer confidence.
We go beyond providing the initial risk assessment of technical and non-technical safeguards and developing the corresponding remediation plan. Our experts also work with you to translate federal and state mandates that are relevant to your business.
Avertium’s HCP customers receive quarterly updates that keep them abreast of guidance from the Office of Civil Rights which administers HIPAA, HIPAA changes, the latest technology trends and industry best practices.
All Avertium HIPAA Certification Program customers receive one of three designations — Certified, Validated and Assessed — and are provided the corresponding Avertium trustmark. This certifies your organization has been independently evaluated by the Avertium healthcare consulting team.
Use of the Avertium HCP trustmark
Template attestation language for business associate agreements
Framed certificate for on-premises display
Certification letter that can be sent to business associates and covered entities
Program Usage Guide that explains certification and trustmark application
Acknowledgement on Avertium.com
HIPAA Risk Assessment Service
- Identifies and documents your areas of risk associated with the creation, storage, transmission, and processing of ePHI in accordance with the HIPAA Privacy, Security, and Breach Notification Rules.
- Analyzes the use of administrative, physical, and technical controls to eliminate or manage vulnerabilities that could be exploited by internal or external threats.
HIPAA Gap Analysis Service
- Compares the HIPAA rule requirements against your organization’s controls to identify and report gaps between your policies, procedures, systems, and applications.
- Used to create recommendations to assist with the remediation efforts required to reduce gaps and achieve HIPAA compliance.
HIPAA Roadmap to Security Compliance
- Lays out a clear plan for fulfilling your HIPAA compliance requirements.
- Initial RSC is considered a working document, developed in partnership with you, to build a plan with prioritized HIPAA remediation tasks, task assignments, timelines, and estimated budgets.
- Provide regular guidance and accountability in your path to compliance
- Keep the momentum going by assessing progress regarding your HIPAA Roadmap
Complementary Security Services
As the leading provider of accessible managed security and security consulting services to the midmarket and enterprise, we offer a comprehensive array of solutions that enable organizations in the healthcare sector to increase their security posture. Popular services include:
- Managed Security Services
- Monitoring and Logging
- Vulnerability Scanning
- Penetration Testing
- HIPAA Security Awareness Training
- Data Mapping and Classification
- Sensitive Data Discovery Scanning