Compliancy Group News

Sublime Computer Services Achieves HIPAA Compliance Program Success

The Compliancy Group has announced that the Nashville, TN-based IT managed service provider Sublime Computer Services has implemented an effective HIPAA compliance program and has demonstrated compliance with all aspects of HIPAA.

Sublime Computer Services was formed in 2008 and since been providing a range of IT services to small to medium sized businesses in the Nashville area and beyond, including many in the healthcare industry.  The company serves as a third-party IT department for its clients, and as such, its services involve contact with systems containing electronic protected health information (ePHI).

As such, Sublime Computer Services must sign a business associate agreement with healthcare organizations and agree to comply with all requirements of HIPAA when providing its services and support.

Any HIPAA compliance failure can potentially result in a financial penalty for healthcare organizations and their business associates. It is therefore important to ensure that no aspect of HIPAA has been missed.

Sublime Computer Services was already providing services to healthcare clients and was aware of the requirements of HIPAA but wanted to confirm company-wide compliance.

In addition to ensuring the company was doing everything it should to comply with HIPAA, completing the Compliancy Group Implementation Program has helped the firm differentiate its services and better serve the healthcare industry.

“94% of covered entities failed their HIPAA audits; we do not want our clients to be among them,” said Adam Bell, President of Sublime Computer Services.

Completion of the six-stage implementation program confirms Sublime Computer Services is adhering to the requirements of the HIPAA Privacy, Security, Breach Notification and Omnibus Rules, as well as the requirements of the HITECH Act. As such, its good faith efforts to comply with HIPAA have earned the firm the Compliancy Group’s HIPAA Seal of Compliance.

The post Sublime Computer Services Achieves HIPAA Compliance Program Success appeared first on HIPAA Journal.

Compliancy Group Confirms TSP Technology Inc has Achieved HIPAA Compliance

Portland, OR-based TSP Technology provides a range of technology services to businesses, helping them to realize the benefits of new technologies without having to have the technical knowhow to implement those technologies.

Naturally, in order to provide IT services to healthcare organizations, TSP Technology is likely to come into contact with private health information. As such, the company is considered a business associate and is required to enter into business associate agreements with healthcare organizations before its services can be provided. The business associate agreement confirms that TSP Technology is aware of its responsibilities under HIPAA Rules and agrees to comply with its provisions.

TSP Technology was already providing services to healthcare companies and had signed business associate agreements with several healthcare companies. HIPAA training had been provided to staff, but it only covered the basics. ePHI was protected and key staff were aware of the allowable uses and disclosures of ePHI, but only a select number of employees had received training.

Safeguards were in place to prevent data breaches, but were OCR to conduct a compliance audit, it was possible that HIPAA compliance issues may be discovered.

In order to ensure that all provisions of HIPAA had been satisfied, TSP Technology turned to the Compliancy Group. The company’s coaches helped TSP Technology through a six-stage implementation program to ensure the company was fully compliant with the requirements of the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules, the requirements of the HITECH Act.

Through the use of The Guard software, TSP Technology has demonstrated company-wide compliance with HIPAA with its good faith effort verified by Compliancy Group’s compliance experts.

TSP Technology can now display the Compliancy Group’s HIPAA Seal of Compliance, which demonstrates to prospective clients the company’s commitment to HIPAA compliance.

The post Compliancy Group Confirms TSP Technology Inc has Achieved HIPAA Compliance appeared first on HIPAA Journal.

Statewide Collection Service Confirmed HIPAA Compliant by Compliancy Group

Statewide Collection Service is a full-service accounts receivable management firm and risk assessment provider serving the healthcare industry. The firm has recently completed the Compliancy Group’s Six Stage implementation process and has been awarded its HIPAA Seal of Compliance.

Companies that do business with healthcare organizations whose products and services require contact with patient data are required to comply with Health Insurance Portability and Accountability Act (HIPAA) Rules. HIPAA sets standards to ensure patients’ protected health information is secured and remains private and confidential at all times.

Statewide Collection Service was formed in 1981 and, as a reputable accounts receivable management firm, is committed to maintaining positive relationships with clients and ensuring any data provided remains private and confidential.

Statewide Collection Service wanted to demonstrate it was in compliance with all federally mandated standards and had the technical, physical, and administrative safeguards in place to ensure every patient identifier was totally secure and protected against unauthorized access.

The company sought assistance from the Compliancy Group to help it on its HIPAA compliance journey. Through the use of Compliancy Group’s compliance tracking software TheGuard, progress toward compliance was tracked and assistance was provided by Compliancy Group’s compliance coaches.

The Compliancy Group methodology involves a risk assessment followed by a six-stage remediation process, at the end of which, all risks to the confidentiality, integrity, and availability of ePHI will have been managed and reduced to a reasonable and acceptable level.

To receive the Seal of Compliance, companies must be in compliance with the requirements of the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, HIPAA Omnibus Rule, and HITECH Act to standards heavily vetted against federal laws and that meet NIST requirements.

The post Statewide Collection Service Confirmed HIPAA Compliant by Compliancy Group appeared first on HIPAA Journal.

How Phone.com Started as a HIPAA Business Associate

Getting started as a business associate and entering into the healthcare sphere can be a major challenge, but the potential rewards are considerable, as Phone.com discovered.

Breaking into the Healthcare Industry

Companies that provide services and products to healthcare clients that require contact with protected health information (PHI) are considered business associates under Health Insurance Portability and Accountability Act (HIPAA) Rules. As such, they must implement policies and procedures to ensure they comply with HIPAA Rules, sign business associate agreements with HIPAA-covered entities, and need to ensure safeguards are implemented to ensure the confidentiality, integrity, and availability of any ePHI that they are provided with.

For many businesses, having to comply with HIPAA stops them from expanding into this potentially very lucrative market. Not only is it necessary to commit resources to compliance, any failures could result in a considerable financial penalty. The HHS’ Office for Civil Rights has recently confirmed that there are 10 aspects of HIPAA Rules which can, if violated by a business associate, result in a financial penalty.

Benefits of HIPAA Compliance for Vendors

While the healthcare industry is one of the fastest growing markets in the United States, and with so many medical specialties and sub-verticals, it is easy for companies to find a niche in which to operate and thrive.

One company that made the decision to develop a HIPAA compliance program to enable it to expand into the healthcare market is Phone.com, a provider of collaborative VOIP services for small businesses.

While the potential for growth in the healthcare sector was appreciated, when Phone.com started its HIPAA compliance program the extent to which the company would grow as a result was majorly underestimated.

Since becoming HIPAA compliant 18 month ago, the company has signed more than 700 business associate agreements with HIPAA covered entities and a large percentage of those clients are entirely new to Phone.com.

Not only has becoming HIPAA compliant allowed Phone.com to work directly with healthcare companies, it has also allowed the company to work with business associates of HIPAA-covered entities.

“Our success and responsiveness with health care vendors is well beyond what I expected. There is a real need for HIPAA compliant vendors in the market today – it’s a strong and concrete differentiator,” said Joel Maloff, SVP of Strategic Alliances and Chief Compliance Officer at Phone.com.

Assistance with HIPAA Compliance

Phone.com’s HIPAA compliance journey was aided by The Compliancy Group, offers compliance coaches to guide businesses through all requirements of HIPAA and provides solutions that include HIPAA policies and procedures, business associate agreements, risk analysis assistance, verification of compliance, and HIPAA audit support.

“When we first considered if we should become HIPAA compliant, one of the first things we did was a simple search through our existing clients who could potentially be in health care or touch health care data. We found 600 in our database alone, and that became a huge driver for seeking out Compliancy Group’s help,” explained Maloff. “Compliancy Group gives us the flexibility to execute BAAs that competitors simply don’t have the time or capacity to complete. We’ve been able to directly attribute substantial growth in monthly recurring revenue (MRR) to just Compliancy Group’s BAAs alone.”

The post How Phone.com Started as a HIPAA Business Associate appeared first on HIPAA Journal.

HIPAA Quiz Launched by Compliancy Group

A new HIPAA Quiz has been launched by the Compliancy Group, which serves as a quick and easy free tool to assess the current state of HIPAA compliance in an organization.  

Healthcare organizations that have implemented policies and procedures to comply with the Health Insurance Portability and Accountability Act (HIPAA) Rules may think that they are fully compliant with all provisions of the HIPAA Privacy, Security, and Breach Notification Rules. However, HHS’ Office for Civil Rights (OCR) compliance audits and investigations into data breaches and complaints often reveal certain requirements of HIPAA have been missed or misinterpreted.

OCR investigates all breaches of more than 500 records and so far in 2018, six financial penalties have been issued to HIPAA covered entities to resolve HIPAA violations. The average settlement/civil monetary penalty in 2018 is $1,491,166.

State attorneys general also investigate data breaches and complaints and can also issue fines for noncompliance with HIPAA Rules. There have been five fines issued by state attorneys general in 2018 to resolve HIPAA violations. The average settlement amount is $514,563 in 2018 and was $718,800 in 2017.

To help healthcare organizations comply with HIPAA Rules and avoid financial penalties, the Compliancy Group, a team of HIPAA compliance experts that help healthcare organizations meet HIPAA requirements, has released a free HIPAA Quiz that allows healthcare organizations to conduct a quick assessment to determine whether they are meeting the basic requirements of HIPAA. The quiz consists of yes/no questions that have been designed to get a baseline reading of HIPAA compliance against the fundamental elements of HIPAA.

“We designed the Compliancy Group HIPAA Quiz to empower health care professionals,” said Joe Bilello, Vice President of Compliancy Group. “Too often we see misconceptions around HIPAA compliance in the health care market. We hope the HIPAA Quiz will give users the chance to find out what’s really required for HIPAA compliance, rather than relying on hearsay and outdated information. Compliancy Group is always here to help address HIPAA concerns for anyone from single-doctor practices, to large-scale technology providers.”

The HIPAA compliance assessment tool can be accessed on this link.

The post HIPAA Quiz Launched by Compliancy Group appeared first on HIPAA Journal.