HIPAA compliance absorbs time, personnel, and other valuable resources from your organization. Protostar’s Elite Protection for HIPAA ComplianceTM provides all the tools, expertise and coaching your organization needs to obtain, maintain and promote a culture of HIPAA compliance in an easy, incredibly affordable way.
The HIPAA Rules apply to two groups: covered entities and business associates. A covered entity is a health plan, health care clearinghouse or health care provider who electronically transmit any health information. Examples of covered entities are:
A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. Examples of business associates (whose services involve access to PHI) are:
For more detailed information on the definition of a covered entity and businesses associate visit The Department of Health and Human Services (HHS) website.
A risk assessment is not enough for HIPAA compliance. We supply the Security, Physical and Administrative audits required by the HHS
The HIPAA Privacy Rule provides federal protections for personal health information and gives patients rights to their own protected health information (PHI). The Privacy Rule permits the disclosure of PHI needed for patient care and other important purposes. The Privacy Rule applies to all healthcare providers, including those who do not use an Electronic Health Record (EHR) system, and includes all mediums: electronic, paper, and oral.
The HIPAA Security Rule requires covered entities, business associates, and their subcontractors to become HIPAA compliant by implementing safeguards to protect electronic protected health information (ePHI) that is created, received, or maintained. It specifies a series of administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of ePHI. Most violations of the HIPAA Security Rule result from businesses not following policies and procedures to safeguard ePHI, thus preventing them from becoming HIPAA compliant.