1. Governance & Risk Management»

HIPAA – HITRUST Preparation & Assessment

Any U.S. organization maintaining or transmitting electronic protected health information, commonly known as ePHI, must comply with the Health Insurance Portability and Accountability Act (HIPAA).

Talk to Sales

A Prescription for Security & Privacy

HIPAA established rules around protecting the security and privacy of sensitive patient data. GM Sectec can help you respond to the regulation's guiding principles of confidentiality, integrity, and availability of electronic protected health information (ePHI).

HIPAA: Fast Facts and Consequences

HIPAA features three components related to data protection: the Security Rule, the Privacy Rule and the Breach Notification Rule.
HIPAA requires "covered entities," which include hospitals, pharmacies, group health plans and individual provider offices, and their third-party "business associates" to deploy technical controls to prepare for audits and protect sensitive ePHI.
The maximum civil fine is $50,000 per violation, up to a maximum of $1.5 million per violation category, with the Office of Civil Rights within the U.S. Department of Health and Human Services collecting some $20 million in fines and settlements in 2017.
The HITECH Act of 2009 is a distinct law from HIPAA, but the two overlap and reinforce each other in certain ways.

Identify Risks Unique to your health organization

Complying with HIPAA is important, but its purpose is to protect patient data. Completing a risk analysis helps you comply with the HIPAA Security Rule and identify risks at your organization. This important step helps us create your risk management plan.

Have a Security Expert In Your Corner

You don’t always have a HIPAA or data security expert on staff. Partnering with us includes a dedicated HIPAA Support Advisor to guide you through HIPAA compliance and answer questions when you have them.

HIPAA – HITRUST Preparation & Assessment