A To Z Financial Services
(Medical Division)

HIPAA and HITECH Compliance Review

We provide complete HIPAA compliance reviews.

From security to privacy, HIPAA carries far-reaching authority to fine covered entities.

After the review, we present you with workflow modifications based on our findings wherever proper procedures to protect Protected Health Information (PHI) are lacking.

All too often, companies either become lax or are unaware of the many requirements involved in becoming and remaining compliant with these mandatory HIPAA regulations.

These regulations cover the methods and procedures required to adequately protect PHI.

Failure to adhere to them can result in severe fines of up to $1,500,000. The fine amount is based in part on how fully the HIPAA regulations have been implemented, i.e. the better prepared the organization, the lower the fine.

We strongly recommend that you review your company's compliance level regularly, as the requirements change frequently.

Is your company prepared?

Do you have updated policies and procedures already in place?

Is your IT infrastructure compliant?

Do you have secure equipment disposal?

Are ALL of your business associates aware of, and compliant with, your policies and procedures?

Can your company financially afford a breach resulting in a $1,500,000 fine?

Just to give you an idea:

1.0 Security Standards Matrix

Each entry lists the standard, its section, and its implementation specifications.
(R) = Required implementation specification; (A) = Addressable implementation specification.

Administrative Safeguards

Security Management Process, 164.308(a)(1)
    Risk Analysis (R)
    Risk Management (R)
    Sanction Policy (R)
    Information System Activity Review (R)
Assigned Security Responsibility, 164.308(a)(2)
    (R)
Workforce Security, 164.308(a)(3)
    Authorization and/or Supervision (A)
    Workforce Clearance Procedure (A)
    Termination Procedures (A)
Information Access Management, 164.308(a)(4)
    Isolating Health Care Clearinghouse Function (R)
    Access Authorization (A)
    Access Establishment and Modification (A)
Security Awareness and Training, 164.308(a)(5)
    Security Reminders (A)
    Protection from Malicious Software (A)
    Log-in Monitoring (A)
    Password Management (A)
Security Incident Procedures, 164.308(a)(6)
    Response and Reporting (R)
Contingency Plan, 164.308(a)(7)
    Data Backup Plan (R)
    Disaster Recovery Plan (R)
    Emergency Mode Operation Plan (R)
    Testing and Revision Procedure (A)
    Applications and Data Criticality Analysis (A)
Evaluation, 164.308(a)(8)
    (R)
Business Associate Contracts and Other Arrangements, 164.308(b)(1)
    Written Contract or Other Arrangement (R)

Physical Safeguards

Facility Access Controls, 164.310(a)(1)
    Contingency Operations (A)
    Facility Security Plan (A)
    Access Control and Validation Procedures (A)
    Maintenance Records (A)
Workstation Use, 164.310(b)
    (R)
Workstation Security, 164.310(c)
    (R)
Device and Media Controls, 164.310(d)(1)
    Disposal (R)
    Media Re-use (R)
    Accountability (A)
    Data Backup and Storage (A)

Technical Safeguards (see 164.312)

Access Control, 164.312(a)(1)
    Unique User Identification (R)
    Emergency Access Procedure (R)
    Automatic Logoff (A)
    Encryption and Decryption (A)
Audit Controls, 164.312(b)
    (R)
Integrity, 164.312(c)(1)
    Mechanism to Authenticate Electronic Medical Information (A)
Person or Entity Authentication, 164.312(d)
    (R)
Transmission Security, 164.312(e)(1)
    Integrity Controls (A)

Matrix as reproduced in the California Electronic Medical Billing and Payment Companion Guide, effective February 12, 2014 (8 CCR 9792.5.1(b)).

Sample Online Compliance Report