A third-party assessment to demonstrate HIPAA compliance provides evidence of due diligence to comply with HIPAA, sets an organization up for success in the event of an OCR audit, and may reduce fines resulting from an OCR breach investigation.
Schellman has spent more than 15 years conducting fully detailed HIPAA examinations for HIPAA Business Associates. More recently, we’ve noted heightened interest among Providers that want to benefit from our expertise, but with a slightly different focus that requires a more modest investment. The result is a right-sized HIPAA risk-based assessment for Providers that we call HIPAA Express, and it follows our proven process.
An initial information gathering questionnaire, project calendar, and targeted information request list followed by a planning meeting.
A HIPAA Security Rule Risk Analysis / Risk Management requirements workshop with immediate feedback on whether your organization is in alignment with the essential elements the OCR expects to see in a quality HIPAA security risk analysis / risk management program.
Following the workshop, meetings (at your discretion) with the ELT, your Board, and other internal teams allow for in-depth discussions around key areas for compliance. This includes a review of your policies and procedures that address the key areas for HIPAA compliance, as well as a review of evidence for certain common areas of failure. Throughout the process, if we identify any areas of noncompliance, we raise them to your team immediately.
A closing meeting to summarize the results of the HIPAA compliance assessment and ensure that you understand any findings noted.
In addition to the workshop and meetings described herein, you’ll also receive a report that details the:
Doug Kanney is a Managing Principal at Schellman. Doug leads the HITRUST and HIPAA service lines and assists with methodology and service delivery across the SOC, PCI-DSS, and ISO service lines.