HIPAA-HITECH Audit
Mulholland Information Security offers a comprehensive HIPAA/HITECH Security Assessment, providing you with the information necessary to become and remain compliant with security standards and practices.
Organizations that process and/or maintain healthcare-related information are mandated by the Health Insurance Portability and Accountability Act (HIPAA) to demonstrate security compliance of electronic protected health information (ePHI).
The HIPAA rules require that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of Protected Health Information (PHI) in any form.
In addition, the HITECH Act requires that covered entities implement policies and procedures to address the final disposition of electronic PHI and the hardware or electronic media on which it is stored. Entities must also implement procedures for the removal of electronic PHI from electronic media before the media are made available for re-use.
The Security Rule applies to the following covered entities:
- Covered Healthcare Providers — Any provider of medical or other health services, or supplies, who transmits any health information in electronic form in connection with a transaction for which HHS has adopted a standard.
- Health Plans — Any individual or group plan that provides or pays the cost of medical care such as a health insurance issuer and the Medicare and Medicaid programs.
- Healthcare Clearinghouses — A public or private entity that processes another entity’s healthcare transactions from a standard format to a nonstandard format, or vice versa.
- Medicare Prescription Drug Card Sponsors – A nongovernmental entity that offers an endorsed discount drug program under the Medicare Modernization Act.
Mulholland Information Security has developed a thorough operations and service delivery assessment that addresses the intense examination by government and public auditors who monitor your organization for compliance with HIPAA/HITECH as well as other industry regulations.
Our HIPAA/HITECH Risk Management Assessment
The HIPAA/HITECH Assessment assists management in establishing requirements for state and federal agencies by assessing the general and application controls requirements throughout your organization’s various business functions.
The purpose of the assessment is multi-fold:
- To ensure the confidentiality, integrity and availability of PHI data
- To identify existing vulnerabilities within the information security network
- To provide a detailed corrective action plan and recommendations to protect against both internal and external threats
- To serve as a baseline assessment in preparation for regulatory audits and for all future information security program initiatives
The Analysis
The elements of analysis within our HIPAA/HITECH Security Assessment fall into these broad categories:
- General rules for security standards – includes the general requirements that your organization must meet, identifies standards and implementation specifications, outlines decisions regarding implementation specifications and ongoing maintenance
- Administrative safeguards – includes how you and your workforce will manage and protect PHI
- Physical safeguards – covers the policies and procedures for protecting your PHI systems, related equipment and buildings from natural and environmental hazards and unauthorized intrusion
- Technical safeguards – includes the technology, policies and procedures to protect PHI and who can access it
- Organizational requirements – includes standards for contracts with business associates
- Policies, procedures & documentation requirements – covers the maintenance of written documentation (including electronic versions) of policies, procedures, activities or assessments required by the security rule
Mulholland Information Security provides the following at the conclusion of each consulting engagement:
- Pre-assessment Gap Analysis Report
- Corrective Action Plan
- Report on Compliance
Our deliverables also include Risk Assessment Qualifiers that explain how each area is rated, technical reports from all internal and external scans, and a prioritized remediation action plan.
To learn more about our HIPAA/HITECH Assessments and Services, please contact us at (904) 354-7989 or visit us at www.mulhollandinvestigation.com.