HIPAA/HITECH Assessment and Audit Services
As the use of health information technology continues to expand and become more necessary in today’s healthcare environment, health plans and hospital systems must implement the appropriate level of privacy and security measures to protect the use and disclosure of protected health information (“PHI”) -- as set forth under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and updated through the Health Information Technology for Economic and Clinical Health Act (“HITECH”). Now more than ever, covered healthcare entities and business associates must exhibit constant and active monitoring to ensure compliance with HIPAA Privacy and Security requirements. Healthcare organizations must also be acutely aware of the type of safeguards their contracted vendors have in place to mitigate any inappropriate exposure of PHI. Failure to have the appropriate privacy and security safeguards in place can result in significant negative financial and reputational impact as well as regulatory enforcement from such governmental entities as the Office of Civil Rights (“OCR”), Office of Inspector General (“OIG”), or the Department of Justice (“DOJ”).
HIPAA Privacy and Security risk assessments and audits help mitigate risk exposure to healthcare organizations. As part of its HIPAA Privacy and Security risk assessment and audit services, FTI provides customized and actionable recommendations for operational, process, and performance improvement as well as identify opportunities to mitigate organizational and compliance risk. Our experts assist clients in evaluating and implementing effective Privacy and Security programs that align with the established OCR HIPAA protocols. Our in-depth experience gives clients practical, valuable tools for measuring compliance with PHI disclosure requirements both internally at the organization and at the vendor relationship level and capturing areas of risk.
FTI Consulting also advises clients who are under active OCR investigations related to security breach incidents with implementing corrective action plans, resulting in the appropriate physical security and process organizational corrections. Establishing a formalized security breach protocol is of vital importance so that the root cause is immediately identified and corrected.