Ready for a HIPAA Gap Analysis?

Is your organization keeping up with the challenging world of HIPAA compliance and the HIPAA Privacy Rule? Are you concerned about weaknesses in your HIPAA compliance program, or about not having a program at all? Have you considered a HIPAA Gap Analysis to assess the program for risk areas in order to identify and correct problems? Now may be the time to take this important step. We have helped many organizations with a Gap Analysis and are prepared to help you. Completing one will help your organization understand its HIPAA risks.

The U.S. Department of Health and Human Services (HHS) states that a HIPAA gap analysis is typically a narrowed examination of a covered entity or business associate's enterprise to assess whether certain controls or safeguards required by the Security Rule have been implemented.

Key Features of a HIPAA Gap Analysis

A HIPAA gap analysis is a focused review and analysis of a covered entity's or business associate's organization. It determines the organization's compliance with the HIPAA Privacy and Security Rules as amended by the Health Information Technology for Economic and Clinical Health Act [HITECH] (collectively known as the “HIPAA Rules”). The analysis reviews the overall flow of protected health information (PHI) created, accessed, used and disclosed within the organization. The gap analysis looks at all forms of PHI in the organization. This includes the information systems, hardware and software that create, use, maintain, store and transmit PHI. The gap analysis reviews any existing policies, procedures and safeguards that are in place to protect the information, and the policies that give individuals rights over their PHI.

HIPAA Gap Analysis & Security Risk Analysis

First of all, a gap analysis is a good starting point for beginning a HIPAA compliance program or improving an existing compliance program. It is a useful and information-filled tool. However, it will not take the place of a Security Risk Analysis (SRA). The SRA is an in-depth examination of the administrative, physical and technical safeguards for electronic PHI (ePHI) required by the Security Rule. Of course, information collected in the gap analysis will assist the organization in the completion of the SRA.

HIPAA Gap Analysis

Administrative Safeguard Analysis

Initially, the HIPAA gap analysis begins with a review of items required by the HIPAA Rules as identified in the individual Privacy, Security and HITECH Rules. Data reviewed in a HIPAA Gap Analysis includes the policies the covered entity or business associate must implement to ensure individuals’ rights over their PHI. Some examples include the right to access PHI, to request an amendment to PHI or an accounting of disclosures, to request a restriction, to make a privacy complaint, and others. Also under review are the policies and procedures used to safeguard PHI in all formats, whether verbal, paper or electronic. These include administrative requirements such as policies, business associate agreements, named privacy and security officials, training on the policies that affect employees’ job duties, a complaint process, and breach reporting. Collecting this information will later help to prepare for a Security Risk Analysis.

Physical Safeguard Analysis

In addition, a HIPAA gap analysis includes a review of physical safeguards, which protect information systems and related equipment and facilities from hazards and intrusions. The analysis examines physical safeguards that protect paper PHI maintained in the regular course of business and also verbal PHI used and disclosed within the organization. A thorough analysis of the physical safeguards requires an onsite review.

Technical Safeguard Analysis

Finally, the HIPAA gap analysis reviews technical safeguards that protect ePHI by applying mechanisms to protect the confidentiality, integrity and availability of the data. These safeguards control access to PHI and assure the information is true and accurate. They ensure PHI is available to those authorized to use the information to perform their job functions. This is the best way to prepare for a Security Risk Analysis.

How It Can Help You

Above all, the focus is to identify deficiencies and risk areas that exist between the policies and/or protections currently in place in the existing compliance program and the requirements of the HIPAA Rules. The analysis reviews the gaps identified and highlights the remediation necessary to cure the deficiencies, reduce risk, and bring the program into compliance. This will give the entity the opportunity to determine how best to approach the steps needed to bring itself into compliance.

Most importantly, the gap analysis will give covered entities and business associates an overall snapshot of their compliance efforts. Secondly, it will help them discover areas where they are non-compliant with HIPAA Rules or which put them at risk. Additionally, it will give the organization a roadmap to compliance. Finally, this will give the privacy officer the information needed to move forward with any necessary revisions to the program.

Our organization has had years of experience assisting clients with HIPAA compliance programs whether starting a program from the beginning or recommending revisions. We can help you understand the gaps that might exist in your program and how they can affect your organization. This will give you the opportunity to eliminate flaws or deal with issues that may put your company at financial and reputational risk. We have the knowledge and expertise to help you with this important project.

Our HIPAA Gap Analysis is a good starting point for initiating a HIPAA compliance program. It will help get you started with the right information to complete a Security Risk Analysis and protect your organization.

Preparing for a HIPAA Gap Analysis

Why Choose HIPAA Associates?

Our professionals have certifications in Healthcare Compliance (CHC) from the Health Care Compliance Association and Healthcare Privacy Compliance (CHP) from the American Health Information Management Association. These are organizations that have set the standards in healthcare compliance. These certifications are obtained by rigorous study and proof of in-depth knowledge of the subject.

HIPAA Associates is proud to announce it has been designated a Women Business Enterprise (WBE) and a Small Local Business Enterprise (SLBE) by the City of Cincinnati. We are committed to providing you with the best HIPAA training available from professionals with over 19 years’ experience in the field of HIPAA.

HIPAA Gap Analysis – Contact Us

We are ready to help you deal with your HIPAA concerns. We will provide your organization with a gap analysis to define the state of your HIPAA compliance program and ensure compliance with the HIPAA Rules. We are available to discuss your needs and start on your gap analysis today.

HIPAA Gap Analysis Assistance

Who should get a HIPAA Gap Analysis?

Most organizations, hospitals and medical groups that rely on HIPAA privacy and security regulations may benefit from a HIPAA gap analysis. This instrument will help an organization determine how it stands in relation to safeguards and healthcare compliance requirements.

A HIPAA Gap Analysis is a good starting point for initiating a HIPAA compliance program. It does not replace a Security Risk Analysis but is a great way to get the right information to begin one.