HIPAA Consulting Services

“Regardless of your location within the US, my goal is to make this extremely complex enigma known as “HIPAA” very easy to understand with a painless step by step approach to an otherwise harrowing task… Times have changed and new laws are now in place concerning protected health information. The best way to protect your practice or business and save yourself future headaches and possible litigation or Federal fines is to be proactive instead of reactive” – Brian

HIPAA HITECH Security Privacy Risk Assessment with Customized Policies

“Whether you are a business associate or a covered entity, one of the first questions you will be asked in an audit letter from the Office for Civil Rights is ‘where is your security risk analysis? ..submit to us proof it has been completed’  The second thing they typically want to see are your policies and procedures.   As of the 2013 Omnibus legislation and due to cyber liability concerns, more covered entities are requiring their business partner show proof of completed risk assessment”

“With any HIPAA compliance program the first mandatory thing that needs to be done is the Risk Assessment.    The risk assessment goes over every aspect of the HIPAA Security/Privacy Rule (in plain English) and addresses each implementation specification (even ones that are only “addressable” still must have a policy as to why it doesn’t need to be implemented).   Additionally, I review and ensure that various other paperwork and documentation are updated and in place.   My goal is not only to ensure the organization is properly securing PHI but also to ensure the “i’s” are dotted and “t’s” are crossed in terms of a Federal spot audit….   I have conducted over 1000 onsite and remote risk assessments for covered entities and business associates all over the United States ranging from hospitals, physician offices, dental, chiropractic, insurance plans, medical billing providers, answering services, software development, government agencies, etc .” – Brian

  • On-site (or remote), Comprehensive, and Low Cost starting at $1095
  • Conduct a HIPAA Risk Assessment with Mitigation based on NIST guidelines (this is the heart of everything and finds all the warts, also lack of a risk assessment is the #1 area of non-compliance). This audit goes step by step through all 18 HIPAA Security Standards and 44 corresponding Implementation Specifications, addressing each one including Business Continuity Planning.
  • I will also do an audit of the HIPAA Privacy Rule, including a physical walk through (if onsite) of the practice/business looking for “low hanging fruit” and assessing areas of “physical” risk as well as assessing (paper based PHI, staff mannerisms, physical security of paper based PHI, shredding, practice/business setup, hiring procedures, termination procedures, business associate agreements, privacy policies, NPP, confidentiality agreements, employee handbook, etc.
  • Custom write policies and procedures for the organization covering every aspect of the regulations (even ones that don’t apply will be addressed as required by law) based on findings of the risk assessment
  • Conduct external security scans (emulating a hacker trying to access system from outside)
  • Assess IT infrastructure security (servers, PC’s, firewalls, wireless, remote access, EMR/Practice Management system, etc)
  • Comprehensive risk assessment provided with recommendations for achieving compliance in plain English.
  • Signed certification of completion provided

Business Continuity – Disaster Recovery

“The HIPAA Security Rule 164.308(a)(7)(i) identifies Contingency Plan as a standard under Administrative Safeguards.  HIPAA Contingency plans address the “availability” security principle. The availability principle addresses threats related to business disruption –so that authorized individuals have access to vital systems and information when required.   This is a required Standard and every practice must have one to be in compliance.  Not to mention it’s just a good idea anyway….. ” – Brian

  • Audit and assess current plan
  • Assist with creation of new plan or modification of current plan
  • Customize plan to your practice or business – I can do all the work saving you the burden
  • “Required” per HIPAA Security Rule and is good business practice

Software Audit, GDPR Compliance, GLBA Compliance

“Getting a new app ready to market?  Don’t let concerns about HIPAA hold you back.  I have vetted over 50 different software packages ranging from large electronic health records (EHR) systems down to very small applications for an iPhone.”  -Brian”

“Trying to iron out problems with the European Union GDPR regulations?”

“Is your institution struggling with the new (GLBA) Gramm-Leach-Bliley Act Cybersecurity Requirements relating to financial records?  I can help get this daunting task in line with the Federal requirements”

Breach Assistance

“There’s nothing more terrifying than realizing you’ve had a breach of protected health information (or any sensitive data).  I have worked directly with the Office of Civil Rights (OCR) and other governing bodies on multiple instances, there is a method to the madness on how to best handle a breach and properly word your responses to the questions OCR (and other government bodies) will have.  Let me assist you to get this resolved in a timely manner and avoid fines and penalties.” – Brian

Public Speaking – Webinars – Onsite Seminars – Training

“Organizations which constitute a covered entity or business associate under HIPAA must provide HIPAA training to its employees, trainees, agents, volunteers and contractors.  This training includes the organization’s HIPAA policies, privacy protections, violation procedures, computer protections and more. HIPAA does not specify the manner in which the training must be achieved. Consequently, HIPAA training may involve educational courses, hands-on training exercises, the use of agreements in the workplace, computer training and any other type of training…”  – Brian

“I have been doing public speaking engagements and webinars for various entities on HIPAA and IT Security for over 10 years.  If you would like more information on specific topics or have any requests for a particular area you are interested in I can put something together…   Additionally, as a former class clown I try to make all speaking engagements informative as well as entertaining to keep the audience engaged because there’s nothing worse than a speaker who sounds like Charlie Brown’s teacher!”  – Brian

Check out the sites below for my upcoming informative webinars:

Save yourself future headaches and protect your business: