What Can EMR Legal’s HIPAA Consulting Services Do for You?
Did you know that failure to comply with HIPAA, the DHHS Privacy and Security regulations, and the HITECH Act can result in hefty fines and even imprisonment? DHHS has said that it will also focus on board members, CEOs, and management, not just “worker bees.”
You are responsible for compliance. How can you ensure that you are meeting federal and state statutes and regulations to protect patient privacy and the integrity, availability, and confidentiality of health information?
Jonathan P. Tomes, President of EMR Legal, Inc., and author of The Compliance Guide to HIPAA and the DHHS Regulations, 5th ed., among more than 50 other books on health care, privacy rights, and other topics, and a nationally recognized expert on HIPAA compliance issues, along with the rest of EMR Legal’s experienced HIPAA compliance team, is available to audit and consult with your organization concerning HIPAA and HITECH compliance in the following areas:
- Informing management of the need for and requirements of HIPAA, the DHHS regulations, and the HITECH Act.
- Drafting and/or reviewing HIPAA-required privacy and security policies, procedures, and plans.
- Inventory of health information assets.
- Gap analysis (what you need to do to get from where you are today to become HIPAA and HITECH Act compliant).
- Strategic planning for HIPAA and HITECH Act compliance.
- Risk analysis.
- Selecting reasonable and appropriate, cost-effective security measures to guard against identified risks and threats.
- Reviewing hardware/software acquisitions for HIPAA and HITECH Act compliance.
- Documenting HIPAA compliance.
- Providing required HIPAA training.
As a consultant group with a strong legal background and regulatory compliance experience, members of EMR Legal, Inc., offer the following:
- More than a decade and a half providing legal services in the health information area with a focus on electronic health information.
- In-depth knowledge of health information management. With years of experience working with directors of information systems for health care providers and with directors of health information management, an associate membership in the American Health Information Management Association, and learning and teaching at hundreds of seminars and speaking engagements around the country, our team knows health care information from the ground up, unlike many attorneys who work only with facility general counsel.
- In-depth experience with information security. As a former military intelligence officer, Mr. Tomes has had training and practical experience both in attacking security systems and in protecting sensitive information.
- Cost-savings. As a small businessman, Jon Tomes understands the need for cost-effective HIPAA compliance in an already over-regulated industry. Entities that cannot afford the services of a huge law firm, accounting firm, or other consulting firm will find our services very cost-effective. When necessary, we use other specialists, such as a technical security specialist, as part of a compliance team.
To become HIPAA compliant, you must first know where you are not HIPAA compliant. That is why we have developed an easy-to-use Gap Analysis Survey Questionnaire. Whether you are a covered entity or a business associate, this tool will give our experts the knowledge they need to point out what those gaps in HIPAA compliance are. One of our HIPAA expert consultants will review your questionnaire, note in detail any compliance inadequacies or deficiencies, and offer suggestions for improvement in regard to any such deficiencies in the form of a confidential written Gap Analysis Report. Not only will you receive a hard copy of this report for your records, but you will also receive a confidential telephone consultation to discuss further questions you may have, as well as the opportunity to gain even more insight from a professional into the steps you need to take to improve HIPAA compliance in a reasonable, appropriate, and cost-effective manner. Know for a fact which HIPAA policies and procedures need to be updated or implemented instead of playing a costly guessing game. HIPAA compliance can be time consuming, confusing, and costly. Allow our team to help you start the right way with the right tools at the right price.
Bundle the Gap Analysis Survey Questionnaire with Veterans Press’ HIPAA Compliance Library. Receive the special discounted price and have access to all the tools you need to become HIPAA compliant.
HIPAA and HITECH Compliance Audit:
In performing a HIPAA and HITECH compliance audit for your organization, EMR Legal’s team of HIPAA consultants, who are attorneys and other professionals in related fields, would take the following steps to make sure that your organization is HIPAA and HITECH Act compliant:
- Review all of your organization’s HIPAA security policies.
- Review all of your organization’s HIPAA privacy policies.
- Inspect your organization’s HIPAA risk analysis efforts and documentation.
- Inspect your HIPAA training efforts.
- Inspect your HIPAA privacy and security programs.
- Inspect your organization’s physical environment for potential HIPAA, HITECH, and Omnibus rule change violations.
- Provide specific guidance as to how to fix problems related to HIPAA, HITECH, and Omnibus rule change compliance.
Attorney Jonathan P. Tomes has been presenting seminars in HIPAA compliance across the country since 1996. Tomes, along with others at EMR Legal, Inc., is a leader in conducting risk analysis, helping organizations become HIPAA compliant, and auditing various types of organizations for HIPAA compliance in their risk analyses, their policies, their procedures, their regulatory required safeguards and security measures, their training, record keeping, and privacy and security programs. We can conduct a cost-effective HIPAA and HITECH compliance audit onsite or offsite, according to your schedule.
Email us for more information.
EMR Legal, Inc., also provides HIPAA, HITECH, and Omnibus rule change training. Both the HIPAA security and the HIPAA privacy regulations require training of all personnel, including management. Various members of EMR Legal’s HIPAA compliance team have given HIPAA compliance seminars for Cross Country Education, Healthcare Financial Management Association, Faulkner & Gray’s Automated Medical Payments Conference, Lorman Business Centers, the American Bar Association, various bar associations, and various state chapters of the American Health Information Management Association. EMR Legal’s HIPAA compliance team is available to come to your location and present custom-tailored compliance seminars for your employees and/or management in a dynamic, cost-effective, down-to-earth manner.
Breach Remediation Services:
With the increase in criminal liability and civil money penalties under the HITECH Act and now the Omnibus rule change, would you want to risk the chance of improperly handling a breach, a complaint, or an investigation? EMR Legal, Inc., has the experience to assist you in both avoiding a breach and helping you take the following steps towards HIPAA/HITECH breach remediation:
- Determine whether you have a HIPAA breach.
- Properly report a breach, internally or to the DHHS and the individual(s).
- Take immediate action to mitigate a HIPAA breach.
- Assist with the proper forms, format, and contents of any necessary reports and notifications.
- Help you write and implement the policies and procedures to prevent breaches, complaints, and investigations in the future.
Homegrown computing networks are not safe. You know it. We know it. But more importantly, they know it.
- $1 Trillion of intellectual property stolen in 2008 alone
- 73% of Americans are victims of cyber crime
- There are approximately 156 days between compromise and detection
- 90% of businesses have been hacked
- The average website has 79 serious vulnerabilities
- A single cyber-gang took control of 1.9 million computers
Evaluate your security risk by simulating a malicious attack. A simulated attack will show you exactly how a hacker thinks, discovers vulnerabilities, and then exploits your computing network, software, website, and infrastructure. We’ll complete a detailed roadmap to tighten your security and better manage your digital infrastructure. In some industries, such as banking and healthcare, the law requires an evaluation.
We’ll work closely with you to build the simulated attack. We can simulate an attack by unknown parties or rogue employees (or others with access). The test can be announced or covert to test the response of your current security measures.
Timeline: Varies based on the scope of the simulated attack. In most cases, our team can complete the planning, attack, and de-brief in 1 week.
Pricing: Varies based on the scope of the simulated attack. In most cases, the cost is between $2,000 – $3,000 per day. Please call for a quote.
HIPAA Compliance Certification:
Upon successful completion of your HIPAA and HITECH Compliance Audit, including helping you take steps to ensure that your organization is HIPAA and HITECH Act compliant, EMR Legal would issue your organization a Certificate of HIPAA Compliance in the Privacy and Security Regulations.
EMR Legal Certificate of HIPAA Compliance for the Privacy and Security Regulations is as follows: The regulations state that the certification can be done “internally or by an external accrediting agency.” Jonathan P. Tomes, HIPAA consultant with EMR Legal, Inc., conducted an onsite or offsite HIPAA audit for this organization (“The Client” or “Client”) and it is our legal opinion that this Client has met the requirements of 45 C.F.R. parts 160, 162, 164, the HIPAA Privacy and Security rules, the HITECH Act, and the Omnibus Rule Change of the HHS regulations. Given the expertise and specialized legal background, such a legal opinion from EMR Legal should carry considerable weight with HHS, courts, or other agencies involved in HIPAA compliance.