Healthcare Information Technology

Become EPCS Certified

Certify your EHR or ePrescribing Application as Electronic Prescriptions for Controlled Substances. Learn more »

Determine If Your Healthcare Security Product Is Ready for HHS Breach Safe Harbor Certification

Use our free SecureEHR Online Product Profile to assess whether your Healthcare product qualifies for HHS Safe Harbor from Breach Reporting. Learn More »

Understand InfoGard's EHR Certification Process

cert_seal_sm.png

Use InfoGard's ONC-ATCB Process for decrypting technical language and guiding you through the procedures for becoming EHR certified.
Learn More »

Under the Health Insurance Portability and Accountability Act (HIPPA)/Health Information Technology for Economic and Clinical Health (HITECH) Act, events such as the loss of a thumb drive or iPhone containing patient information can trigger a cascade of damage to professional reputation as well as significant financial losses.

The Breach Notification Rule requires that Healthcare providers and business associates notify each affected individual when there is a breach of Protected Health Information (PHI). Healthcare providers suffering a PHI breach are also subject to U.S. Department of Health and Human Services (HHS) fines of up to $1.5 million per year of violation, as well as the potential of civil suits brought by affected individuals. In addition, penalties can be levied by state attorneys general. The HHS can also refer cases to the U.S. Department of Justice (DOJ) for criminal investigation if the HHS suspects willful negligence on the part of a covered entity.

The HHS has indicated that it intends to audit every breach that affects more than 500 individuals.  The agency is also required to conduct periodic audits to verify compliance with HIPAA and is in the process of establishing the procedures under which these audits will be performed.

As a leader in the certification of Healthcare Technology and the validation of Security solutions, InfoGard is able to assist Healthcare providers and business associates with compliance strategies for the HIPAA Privacy and Security Rules. InfoGard is approved by the HHS as an Office of the National Coordinator Authorized Testing and Certification Body (ONC-ATCB) for Electronic Health Record (EHR) software. InfoGard also has nearly 20 years of experience as a government-accredited laboratory performing hardware and software Security evaluations, including those of Health Information Technology (HIT). Much of our evaluation work is based upon the Standards and Guidances specified by the HHS for protection of PHI. Our experience also includes performing Hospital HIPAA compliance audits.

The range of HIPAA Security and Privacy rule compliance services InfoGard offers includes:

  • Risk Assessment (as required by the Security Rule and to meet ONC Meaningful Use Criteria)
  • HIPAA Audit for identifying areas needing corrective action and HIPAA Audit for providing evidence of compliance.
  • Development of policies and procedures to achieve HIPAA compliance without workflow disruption.
  • Assistance establishing contracts between Healthcare providers and business associates, including the assessment and recommendation of contract-specified technical controls and policies.
  • Assistance selecting and deploying Security solutions and policies that meet the HIPAA Breach Safe Harbor established by HHS
  • Training of IT staff to perform internal Risk Assessments, including the use of automated Vulnerability Scanning tools to generate rapid, accurate results.

Our ability to bring together IT Security expertise with experience and knowledge of EHR technology, e-Prescribing regulations, and HIPAA compliance has allowed us to play key industry roles in Healthcare. Please contact InfoGard to speak with one of our Healthcare Security Consultants about how we can aid you with your HIPAA Security and Policy rules compliance: Call us at 805.783.0810 or use our Contact Form.