HIPAA
Administered by the Department of Health and Human Services, HIPAA adopts standards for the security of electronic protected health information to be implemented by health plans, healthcare clearinghouses and certain health care providers. HIPAA’s Security Rule, which went into effect in April 2005, requires affected organizations to address and improve their data security program, including technical safeguards such as authentication and encryption. In doing this, many organizations are struggling with:

  • Understanding HIPAA – understanding HIPAA’s current Security Rule while trying to proactively prepare for upcoming provisions
  • Determining specific requirements – identifying specific control requirements for HIPAA standards that provide significant room for interpretation
  • Creating a control architecture – creating a centralized set of policies and controls that ensure compliance with current HIPAA standards
  • Documenting the audit approach – documenting policies describing the controls on security and integrity of personal and private financial data
  • Collecting audit evidence – creating a systematic approach for collecting and documenting audit proof, including assessments and system compliance checks

The Business Impact
Although HIPAA was signed into law in 1996, new provisions for storage and identification will be released in the second quarter of 2007. Organizations are looking for solutions to ensure patient confidentiality and accountability in protecting their electronic data. Due to the difficulty, knowledge and scope required, improving security and demonstrating compliance can be expensive. Organizations have already felt the impact of HIPAA compliance under current standards; the 2007 provisions will likely only exacerbate the situation through:

  • Increased costs – adequately protecting enterprise information systems within constrained budgets
  • Increased risk – greater exposure to the potential impacts of non-compliance with current HIPAA requirements, including the potential financial impact of fines and penalties

The Compliance Spectrum HIPAA Solution
Compliance Spectrum provides the services and capabilities needed both to achieve and demonstrate compliance with HIPAA requirements. By providing compliance assessments, compliance program development, policy and control development support, product training and product implementation, Compliance Spectrum has gained a solid understanding of the health care market and its unique requirements. Key capabilities of the Compliance Spectrum HIPAA solution include:

  • Regulations and requirements management - identifies gaps between current policies and controls and HIPAA requirements
  • Controls management (policy and awareness) - provides an auditable, centralized repository for policies and controls, comprehensive templates for 'quick start' programs, and deployment and awareness tracking
  • Audit management - provides audit point tracking and prep reporting capabilities for internal and external audit activities
  • Vulnerability and incident management - provides a comprehensive vulnerability database, targeted alerting, and task management and status tracking
  • Compliance management - supports online assessment and integrated audit point tracking for demonstrable compliance

Compliance Spectrum’s Spectra automates key processes across the IT compliance life cycle.


©Compliance Spectrum 2007. All Rights Reserved.