Dramatic changes are taking place in regard to protection of Private Health Information (PHI). The HIPAA Security Rule has been in effect since 2003; however, in 2009, Health and Human Services (HHS) added business associate to entities that must comply with the HIPAA Act of 1996. In addition the FTC and HHS , as part of the American Recovery and Reinvestment Act of 2009 known as the HITECH ACT, included breach notifications requirements for all covered entities under HIPAA.

What does this mean to healthcare organizations?

• It expands the covered entities that now must comply with the HIPAA Security Rule.
• Along with incenting the adoption of electronic medical records as a result of the HITECH ACT, the change adds penalties should there be a breach involving PHI.
• Provides oversight for the enforcement of the HIPAA security rule and has been transferred from HHS to the FTC which has a strong history of imposing penalties for non-compliance.

GotRoot.Net Risk provides a risk based approach to help organizations comply with the HIPAA Security Rule while focusing on areas vulnerable to the HITECH Rule.

• Phase I provides a risk assessment involving people, policies, processes and technology, a detailed gap analysis against HIPAA Security Rule and HITECH and produces a detailed remediation plan or roadmap to becoming secure and compliant.
• Phase II, At this stage, GotRoot.Net partners with our client to achieve compliance.
• Phase III is continuous monitoring. We develop a plan to monitor compliance as regulations, people, processes, applications and technology change to insure compliance and security is maintained.

• Are you compliant with HIPAA Security Rules?
• What are your risks associated with protecting PHI?
• Can a hacker get to your PHI information?
• How do I prioritize my resources (budget and time) in closing the gaps to become secure and compliant?
• What do I need to do to maintain security and compliance on a continuous basis?