atsec

The information security provider.

HIPAA and HITECH

What atsec offers:

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides personal health information protection rules that are applicable to all entities that manage such information, including health care providers, employers, insurers, and others. HIPAA requires these entities to be compliant with specific security and privacy provisions in managing healthcare information, but does not mandate how compliance must be implemented.

atsec information security offers both expert knowledge about medical industry information security practices and a long history of security assessments under various standards including BS 7799, ISO 27001, FISMA (Federal Information Security Management Act) and the Payment Card Information Data Security Standard.

A potent combination of quality, experience, industry-specific knowledge and standards-based assessment experience makes atsec the partner of choice for you in achieving HIPAA compliance.

HIPAA introduces a set of organizational and procedural changes that address the confidentiality, availability, integrity and overall security of Electronic Patient Health Information (ePHI) within the HealthCare and Medical Services industry.

If your organization is a Covered Entity (CE) as defined by the Health and Human Services Department, you are required to implement the practices defined in the HIPAA Security Rule. One of these requirements is regular assessment and review of your company's policies, procedures and overall information systems security risk exposure.

We provide HIPAA security consulting and vulnerability assessments, and give our clients comparative information and baselines against industry-standard practices in addition to the HIPAA-mandated review items in the Security Rule.

atsec will provide your organization with a complete assessment as required under the HIPAA specifications. The types of reviews available include:

  • A general on-site interview with personnel, system analysis, policy and procedure review and remediation suggestions.
  • A detailed review of your HIPAA security compliance as compared to each of the required implementation specifications, which includes a detailed report and gap analysis.

Why our services are important to you

The HITECH Act, signed into law in February 2009, widened the scope of privacy and security protections available under HIPAA, increased potential legal liability for non-compliance, and provided for greater enforcement of HIPAA rules.

atsec has wide experience in helping organizations meet the requirements of various legislation, and is expert at efficiently and effectively implementing change in organizations with complex requirements, for example those that must meet regulatory or legislative requirements imposed by different countries. atsec has many years of experience with privacy legislation in Europe, including the Data Protection Act of the U.K. (1994 and 1998) and Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Simply put, a covered entity cannot afford to ignore HIPAA requirements or to risk non-compliance out of lack of understanding of what constitutes compliance. You need an expert partner to guide you to HIPAA compliance. atsec can be your partner to achieve successful compliance.

For more information

Please refer to our resource pages.

 

(c) 2012 atsec information security