
Healthcare Regulatory Consulting
The basic purpose of the Health Insurance Portability and Accountability Act's (HIPAA) Security Rule is to protect the confidentiality, integrity, and availability of electronic protected health information (EPHI) when it is stored, maintained, or transmitted. Read here for detailed information on Meaningful Use.

The Security Challenge

The final HIPAA Security Rule requires each covered entity to assess its own security needs and risks and then devise, implement, and maintain appropriate measures as business decisions. Each entity must balance its resources and business requirements against the risks to EPHI. The growing number of state and federal regulations, including MA 201 CMR 17, Red Flag Rules, and the HITECH Act, has added even greater complexity to these struggles.

The SMP Solution & Methodology

Information security plays a major role in compliance. SMP recommends that a covered entity or business associate begin with an EPHI Infrastructure Assessment that allows us to gather information about your entity's information management and technology baselines and the controls related to information security. The intent is to develop a preliminary summary of your automation systems, information systems, and use of electronic information (including EPHI), and to understand the relationship of your organization's security posture, both present and future, to your business needs.

Through interviews, direct observation, and review of documents, SMP establishes the organization's current state of compliance with the regulation. This is followed by further tests to confirm that the reported controls are in place and working correctly. These tests might include:
As part of SMP's deliverable, we identify gaps and detail risks to information assets. Our report establishes a baseline against which progress towards HIPAA and all regulatory compliance can be measured. It assists in prioritizing and setting realistic targets, and it recommends steps to reduce each risk.

Healthcare Regulatory Consulting in Action

Read a case study showing how Security Management Partners and Cape Cod Healthcare partnered in a HIPAA Assessment to develop a preliminary summary of the organizations' information systems, use of electronic information (including EPHI), and current and future security posture vis-à-vis their business needs.
