A Consultant-Driven Solution for full HIPAA Compliance
Information Gathering
Document Creation
Policy Review
Workforce Training
This phase involves a comprehensive information-gathering exercise to identify the organization’s existing policies and procedures as they relate to HIPAA privacy and security. Know HIPAA utilizes a proprietary questionnaire for this purpose that will identify:
Our consultant uses the information provided in the questionnaires to complete and/or finalize three (3) draft documents:
Our consultant will schedule two (2) separate reviews with the client: one for review of Privacy manual, and one for review of the Security Manual & Risk Analysis. As part of these reviews, we will collaborate with the client’s Benefits/Human Resources contacts (for privacy) and Information Technology (IT) representatives (for security) to confirm its understanding and interpretation of the information provided by the client.
Upon completion of the reviews, we will incorporate any necessary changes into the documents and will submit final versions to the client.
Once our consultant has issued final documents to the client, we will schedule a training with the client’s key personnel. The training will be web-based and will cover the organization-specific policies.
Risk Analysis
The Risk Analysis draws from the information contained in the Office of Civil Rights’ (OCR’s) online risk analysis tool. This ensures that the Risk Analysis addresses the issues that OCR has identified as critical to HIPAA security.
The Risk Analysis forms the basis for evaluating and improving the client’s security program. Items in the tool are ranked by impact, likelihood, and cost to help the client prioritize its remediation efforts. The client completes the Risk Analysis as part of the initial questionnaire process. During Phase 3, the Know HIPAA Consultant will review the results of the Risk Analysis with the client and make any clarifications or modifications as necessary to complete the Risk Analysis.
HIPAA Privacy and Security Manuals
The HIPAA Privacy and Security Manuals contain template language that provides a reasonable approach to complying with the requirements of the Privacy and Security Rules. Know HIPAA will customize the Privacy and Security Manuals to reflect the client’s own practices, when applicable.
Additional Forms
Along with copies of the finalized Risk Analysis and Privacy and Security Manuals, Know HIPAA will send the following sample forms to the client in order to help facilitate implementation HIPAA Privacy and Security Requirements: