HIPAA

HIPAA

Protect patient data and address HIPAA compliance with a HIPAA Security Risk Assessment

Any organization that is a Covered Entity or Business Associate under HIPAA regulations MUST complete an annual security risk assessment, then maintain a supporting risk management as evidence of compliance for a potential HHS/OCR audit.

The Health Insurance Portability and Accountability Act (HIPAA) is a series of regulatory standards that outline the lawful use and disclosure of Protected Health Information (PHI) including Electronic Protected Health Information (ePHI). This federal law passed in 1996 required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

Keeping patient data safe requires healthcare organizations to exercise best practices in three areas:

  • Administrative security – Refers to the policies and procedures in place to protect the sensitive data.
  • Physical security – Refers to the physical location of the sensitive data and how it is protected. This includes physical workstations and mobile devices.
  • Technical security – Refers to the technology that is used to protect the sensitive data and who has access to the data

A HIPAA Security Risk Assessment (SRA) is essential for the security of information in your organization. A data breach doesn’t just cost you money; it costs you time, resources, and trust. While laws require healthcare providers and their associates to be compliant with HIPAA and HITECH through periodic risk assessments, the objective of those assessments should be to reduce the overall risk of a breach of any protected information.

The Tego Approach

All HIPAA risk assessments are conducted by our ISACA-certified team using the controls identified in the HIPAA Privacy and Security Rules. In addition to conducting the assessment, Tego can help build risk management policies, conduct periodic security training with your employees, and develop and test any contingency plans for your organization.

A HIPAA SRA will address the requirements all healthcare providers and their business associates are required to follow  in order to remain compliant. A HIPAA SRA is not a one-time requirement and should be conducted yearly to ensure continued HIPAA compliance.

Meaningful Use and Merit-Based Incentive Payment System (MIPS)

In 2009, the Federal Government passed the HIPAA HITECH act.  A core objective of HITECH was to drive adoption and “meaningful use” of electronic health record systems.  Ultimately, the feds sought the efficiencies and health benefits of automating the processing of medical records.

Almost anyone who is not operating as a hospital is considered an eligible professional (EP).  Starting in 2011, EPs could receive incentive money for the early adoption of EHR systems.  Those same EPs could receive additional incentives by progressing to more advanced stages of EHR implementation.  As of October 1, 2017, all EPs must attest that they have at least completed the first stage and implemented an EHR system.  EPs who fail to show Stage 1 MU, will have up to 6% of their Medicare/Medicaid reimbursements withheld.

Within the core elements for attestation at each stage is the requirement that the EP has completed a HIPAA Security Risk Assessment pursuant to the HIPAA Security CFR. Completing a Security Risk Assessment is essential to ensuring your medical practice is compliant with the Meaningful Use regulations.

Each iteration of HIPAA modifications, from Meaningful Use through MIPS/MACRA, encourages the completion of a HIPAA SRA and security management program.

Contact us today for a quote for a HIPAA Risk Assessment.

Testimonials

  • Working with Tego has been great. They helped us deploy our new SAN at a critical time so that we were be able to help one of our biggest customers with some performance testing. Their knowledge and attention to detail was critical. It has been a pleasure working with them. — Paul Silveira Sensus Utility

  • We have worked with the folks at Tego even before they were Tego Data. In our business there is no room for downtime and over the years the folks at Tego have helped us design, implement and subsequently upgrade our storage infrastructure several times, under very stringent high availability requirements, without issue. — Ted Boggs Duke University

  • Due to an aging infrastructure we were running into a lot of problems backing up our data out of state. The Tego Data team came in and helped us upgrade our environment and set up replication to Austin TX. They have a very knowledgeable and attentive team and we are happy to be working with them! — Gary Tummond Clerk of Court, Indian River County

  • When we had a major production issue, one even the equipment vendor couldn’t resolve in a timely manner, the Tego team was able to respond quickly, help us fix the problem and get us back up and running. Nolan (Tego Engineer) really saved my bacon. — Scott McMullan Symphony Health Software

  • Tego always provides me excellent sales and support services and has done so for as long as I have been doing business with them, about six years. — David C. Channell Liggett Group LLC Manufacturing

  • Having Tego involved and using cloud services gives us peace of mind. We don’t have to pause day-to-day project management to make software updates, which gives us extra time we didn’t have before to work on other strategic issues critical to the business. — Mathew Price Stewart Engineering

  • We have been working with the team at Tego Systems for 6 years now. They have helped us design and implement our NetApp infrastructure which has worked flawlessly to keep our data protected and available. — Michael N. Lee Putnam Valley Central Schools Education

  • The Tego Team has been a great partner to work with over the last several years. Together we developed a disaster recovery solution which fit our needs and budget. We look forward to continuing our relationship with Tego Data in the years to come. — Paul Murray Thomas H Lee Capital LLC Private Equity

  • We recently upgraded our NetApp environment and moved to cluster mode. Tego helped us design the solution and their engineering staff provided superb support and mentoring during implementation. This was our fourth successful NetApp implementation with the Tego Team. — Robert Troxel Maiden Global Servicing Company Insurance

  • We have been working with the team at Tego for 6 years. They have helped us architect our NetApp storage infrastructure and disaster recovery strategy. When we had a water main break in our data center last year we realized very quickly just how critical good technology and an experienced, responsive partner can be. — Don Shiffett Ober Kaler Law

  • Tego is a world-class IT solutions provider. Their engineers and consultants are senior experts only interested in ensuring their partner institutions get the solutions they need to build an infrastructure today’s students expect from a college or university including post-traditional adult students. From managed services to digital transformation to cloud services and data security, Tego Data has the solutions and services colleges and universities can trust to improve enrollment and student digital experiences. — Dr. Karen Srba former VP of Academic & Instructional Technology American Public University System

Accept

By using this website you agree to our updated Conditions of Use and consent to the collection and use of your personal information as described in our updated Privacy Notice, which includes the categories of data we collect and information about your preferences and rights.