Health Insurance Portability and Accountability Act Compliance

A lot rides on your compliance program.

Penalties for noncompliance with HIPAA and the HITECH Act can quickly reach into millions of dollars, and the provisions affecting covered entities and business associates are wide-ranging. Media reports of security and privacy breaches can also be devastating—destroying the trust of your patients, employees, vendors and business associates.

Today, many covered entities (health care providers, plans and clearinghouses) and business associates (persons or organizations with access to individually identifiable health information) are seeking federal "Meaningful Use" funds to help them implement electronic health records (EHR). The catch is that, to get funding, organizations must be able to show they comply with HIPAA and the HITECH Act.

Questions to ask
With so much riding on your compliance program, some questions may be in order:

  • Are you certain your HIPAA/HITECH compliance program can withstand regulatory scrutiny?
  • If you're pursuing "Meaningful Use" funds from the federal government to implement EHR, is the project progressing as expected?
  • Was your most recent HIPAA assessment conducted in the last year? (If not, it may need updating to address changes.)
  • Did your HIPAA assessment cover both security and privacy?
  • Have you selected a certified EHR vendor? Or will you need to consider choosing, implementing and/or converting to a certified EHR?

Are you on the right track or do you need to change course?
Regulatory compliance is challenging for most organizations. Whether you're short of staff or simply don't have the resources with the appropriate knowledge and expertise, McGladrey can help you develop the policies, procedures and processes you need to achieve and maintain compliance.

Often, clients tell us they simply "want to know what they don't know." If that sounds familiar, a McGladrey HIPAA/HITECH readiness review or compliance assessment will provide you with a clear indication of how compliant you are now and the specific actions required to change course.

McGladrey consultants assist organizations with the following HIPAA and HITECH Act compliance-related services:

  • Readiness review—determines how ready your organization is to comply with existing regulations—includes reviewing documentation, interviewing selected managers and general observations
  • Compliance assessment—includes an in-depth review and analysis of policies, procedures and documentation, interviews with staff and testing existing processes and controls
  • Risk assessment—in compliance with HIPAA/HITECH regulations, we efficiently perform an accurate, thorough assessment, recording potential risks and vulnerabilities to the confidentiality, integrity and availability of protected health information
  • Compliant policies and procedures—assist you in adding to or updating your HIPAA/HITECH policies and procedures based on findings of a readiness review or compliance assessment. Our experienced consultants can also assist in developing and implementing these policies and procedures
  • Self-assessment training—using industry best practices, includes training your personnel on how to conduct a HIPAA/HITECH compliance self-assessment. Training is customized to attendees' experience levels

Deep health care industry experience and knowledge

When you need outside assistance, it's important to choose the right partner. McGladrey understands the issues you face and works with you to customize a compliance plan that fits your organization's structure and culture.

When it comes to compliance—come to McGladrey.