Compliancy Group News

Statewide Collection Service Confirmed HIPAA Compliant by Compliancy Group

Statewide Collection Service is a full-service accounts receivable management firm and risk assessment provider serving the healthcare industry. The firm has recently completed the Compliancy Group’s Six Stage implementation process and has been awarded its HIPAA Seal of Compliance.

Companies that do business with healthcare organizations whose products and services require contact with patient data are required to comply with Health Insurance Portability and Accountability Act (HIPAA) Rules. HIPAA sets standards to ensure patients’ protected health information is secured and remains private and confidential at all times.

Statewide Collection Service was formed in 1981 and, as a reputable accounts receivable management firm, is committed to maintaining positive relationships with clients and ensuring any data provided remains private and confidential.

Statewide Collection Service wanted to demonstrate it was in compliance with all federally mandated standards and had the technical, physical, and administrative safeguards in place to ensure every patient identifier was totally secure and protected against unauthorized access.

The company sought assistance from the Compliancy Group to help it on its HIPAA compliance journey. Through the use of Compliancy Group’s compliance tracking software TheGuard, progress toward compliance was tracked and assistance was provided by Compliancy Group’s compliance coaches.

The Compliancy Group methodology involves a risk assessment followed by a six-stage remediation process, at the end of which, all risks to the confidentiality, integrity, and availability of ePHI will have been managed and reduced to a reasonable and acceptable level.

To receive the Seal of Compliance, companies must comply with the requirements of the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, HIPAA Omnibus Rule, and HITECH Act, to standards that are heavily vetted against federal laws and that meet NIST requirements.

The post Statewide Collection Service Confirmed HIPAA Compliant by Compliancy Group appeared first on HIPAA Journal.

How Phone.com Started as a HIPAA Business Associate

Getting started as a business associate and entering into the healthcare sphere can be a major challenge, but the potential rewards are considerable, as Phone.com discovered.

Breaking into the Healthcare Industry

Companies that provide services and products to healthcare clients that require contact with protected health information (PHI) are considered business associates under Health Insurance Portability and Accountability Act (HIPAA) Rules. As such, they must implement policies and procedures to comply with HIPAA Rules, sign business associate agreements with HIPAA-covered entities, and implement safeguards to ensure the confidentiality, integrity, and availability of any ePHI that they are provided with.

For many businesses, having to comply with HIPAA stops them from expanding into this potentially very lucrative market. Not only is it necessary to commit resources to compliance, any failures could result in a considerable financial penalty. The HHS’ Office for Civil Rights has recently confirmed that there are 10 aspects of HIPAA Rules which can, if violated by a business associate, result in a financial penalty.

Benefits of HIPAA Compliance for Vendors

The healthcare industry is one of the fastest growing markets in the United States, and with so many medical specialties and sub-verticals, it is easy for companies to find a niche in which to operate and thrive.

One company that made the decision to develop a HIPAA compliance program to enable it to expand into the healthcare market is Phone.com, a provider of collaborative VOIP services for small businesses.

While the potential for growth in the healthcare sector was appreciated, when Phone.com started its HIPAA compliance program the extent to which the company would grow as a result was greatly underestimated.

Since becoming HIPAA compliant 18 months ago, the company has signed more than 700 business associate agreements with HIPAA-covered entities, and a large percentage of those clients are entirely new to Phone.com.

Not only has becoming HIPAA compliant allowed Phone.com to work directly with healthcare companies, it has also allowed the company to work with business associates of HIPAA-covered entities.

“Our success and responsiveness with health care vendors is well beyond what I expected. There is a real need for HIPAA compliant vendors in the market today – it’s a strong and concrete differentiator,” said Joel Maloff, SVP of Strategic Alliances and Chief Compliance Officer at Phone.com.

Assistance with HIPAA Compliance

Phone.com’s HIPAA compliance journey was aided by The Compliancy Group, which offers compliance coaches to guide businesses through all requirements of HIPAA and provides solutions that include HIPAA policies and procedures, business associate agreements, risk analysis assistance, verification of compliance, and HIPAA audit support.

“When we first considered if we should become HIPAA compliant, one of the first things we did was a simple search through our existing clients who could potentially be in health care or touch health care data. We found 600 in our database alone, and that became a huge driver for seeking out Compliancy Group’s help,” explained Maloff. “Compliancy Group gives us the flexibility to execute BAAs that competitors simply don’t have the time or capacity to complete. We’ve been able to directly attribute substantial growth in monthly recurring revenue (MRR) to just Compliancy Group’s BAAs alone.”

The post How Phone.com Started as a HIPAA Business Associate appeared first on HIPAA Journal.

HIPAA Quiz Launched by Compliancy Group

A new HIPAA Quiz has been launched by the Compliancy Group, which serves as a quick and easy free tool to assess the current state of HIPAA compliance in an organization.  

Healthcare organizations that have implemented policies and procedures to comply with the Health Insurance Portability and Accountability Act (HIPAA) Rules may think that they are fully compliant with all provisions of the HIPAA Privacy, Security, and Breach Notification Rules. However, HHS’ Office for Civil Rights (OCR) compliance audits and investigations into data breaches and complaints often reveal certain requirements of HIPAA have been missed or misinterpreted.

OCR investigates all breaches of more than 500 records and so far in 2018, six financial penalties have been issued to HIPAA-covered entities to resolve HIPAA violations. The average settlement/civil monetary penalty in 2018 is $1,491,166.

State attorneys general also investigate data breaches and complaints and can also issue fines for noncompliance with HIPAA Rules. There have been five fines issued by state attorneys general in 2018 to resolve HIPAA violations. The average settlement amount is $514,563 in 2018 and was $718,800 in 2017.

To help healthcare organizations comply with HIPAA Rules and avoid financial penalties, the Compliancy Group, a team of HIPAA compliance experts that help healthcare organizations meet HIPAA requirements, has released a free HIPAA Quiz that allows healthcare organizations to conduct a quick assessment to determine whether they are meeting the basic requirements of HIPAA. The quiz consists of yes/no questions that have been designed to get a baseline reading of HIPAA compliance against the fundamental elements of HIPAA.

“We designed the Compliancy Group HIPAA Quiz to empower health care professionals,” said Joe Bilello, Vice President of Compliancy Group. “Too often we see misconceptions around HIPAA compliance in the health care market. We hope the HIPAA Quiz will give users the chance to find out what’s really required for HIPAA compliance, rather than relying on hearsay and outdated information. Compliancy Group is always here to help address HIPAA concerns for anyone from single-doctor practices, to large-scale technology providers.”

The HIPAA compliance assessment tool can be accessed on this link.

The post HIPAA Quiz Launched by Compliancy Group appeared first on HIPAA Journal.