HIPAA Privacy and Security & HITECH Consultants

FLANK provides HIPAA and HITECH consulting, auditing, and policy and procedure writing services for organizations needing to comply with the ever-expanding HIPAA Security | Privacy and HITECH mandates. With today's growing compliance mandates in the healthcare industry, any entity storing, processing, and/or transmitting Personally Identifiable Information (PII) and Protected Health Information (PHI) will need to become HIPAA and/or HITECH compliant.

HIPAA Toolkits & Policy Templates for Download

FLANK offers industry leading Health Insurance Portability and Accountability Act (HIPAA) documents designed specifically for assisting Covered Entities (CE), Business Associates (BA), and all other healthcare related entities with today’s rigorous HIPAA & healthcare compliance mandates. The material has been exhaustively developed by industry leading professionals with years of HIPAA, information security, cyber security, operational and regulatory compliance expertise.

HIPAA Security Rule Policies and Procedures Templates Packet

Developing comprehensive security policies and procedures is essential for HIPAA compliance, and it’s why we offer a complete package of professionally researched, well-written, easy-to-use, and easy-to-implement HIPAA Security Rule policies and procedures templates. Healthcare entities all throughout North America have been relying on our HIPAA policy templates as they contain both policies and procedures sections for ensuring rapid and complete compliance with the HIPAA Security Rule mandates.

HIPAA Privacy Rule Policies and Procedures Templates Packet

Developing comprehensive privacy policies and procedures is essential for HIPAA compliance, and it’s why we offer a complete package of professionally researched, well-written, easy-to-use, and easy-to-implement HIPAA Privacy Rule policies and procedures templates. Healthcare entities all throughout North America have been relying on our HIPAA policy templates as they contain both policies and procedures sections for ensuring rapid and complete compliance with the HIPAA Privacy Rule mandates.

HIPAA Office Forms and Templates Packet

There are numerous HIPAA forms that must be in place for healthcare facilities, particularly when it comes to facilitating patient and client communication. Our professionally developed, easy-to-use, and easy-to-implement HIPAA Office Forms and Templates Packet comes complete with all essential documents you need for ensuring proper patient documentation is in place.

Background on HIPAA Privacy and Security

The Health Insurance Portability and Accountability Act (HIPAA) is a comprehensive set of healthcare provisions enacted by the United States Congress and subsequently signed into law by President Bill Clinton in 1996. It effectively mandated broad-based legislation regarding healthcare access, portability, and renewability, along with security and privacy rules for electronic health records and related information ("protected health information" | PHI, and the subset thereof known as "electronic protected health information" | ePHI).

Within Title II of HIPAA, the main emphasis has been that of the "Privacy Rule" and the "Security Rule", two (2) critically important legislative mandates that established, for the first time, a set of national standards for the protection of certain health information (the "Privacy Rule") along with establishing a national set of security standards for protecting certain health information that is held or transferred in electronic form.

Being "compliant" with HIPAA is a broad statement indeed, due in large part to the depth of the HIPAA legislation itself. While Title I and Title II of HIPAA contain numerous, far-reaching provisions for many organizations in the health and benefits arena, great emphasis has been placed on the Privacy Rule and the Security Rule regarding regulatory compliance due to their applicability to many entities. Additionally, supporting legislation from subtitle D of The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) strengthens the civil and criminal enforcement of the HIPAA Privacy and Security Rules. It must also be noted that for both the Privacy Rule and Security Rule, along with the mandates within subtitle D of HITECH, organizations are identified as either a "covered entity" or a "business associate".

A "covered entity" is defined as that of:

  • A health plan.
  • A health care clearinghouse.
  • A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter [e.g., HIPAA Administrative Simplification transaction standards].

A "business associate" is defined as that of a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. Simply stated, business associate functions and activities vary widely and can include claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; practice management and data warehousing, just to name a select few.

Because the technical definition of a "business associate" is now close to being a decade old, emerging technologies and businesses since 2003, such as data centers, Software as a Service (SaaS) centers, and managed services providers, can now be classified as such. Additionally, it’s important to note that the Final Omnibus Rules of January, 2013, greatly expanded upon the definition of what constitutes a “business associate”.

As such, FLANK provides the following services related to HIPAA and HITECH:

  • HIPAA Privacy and Security Rule and HITECH auditing and consulting services, such as Gap Analysis and Readiness Assessments.
  • Development of customized HIPAA Policies and Procedures for "covered entities" and "business associates".
  • Active assistance with implementation of all necessary policies, procedures, and practices within one's organization for ensuring compliance with HIPAA and HITECH.

It's critically important to note that documented policies and procedures are a cornerstone of being compliant with the HIPAA Privacy and Security requirements. What you need is an all-inclusive set of documented templates from a trusted source, and that's FLANK.  

As for the Privacy Rule and the Security Rule, they can be found within the Code of Federal Regulations | Title 45 | Public Welfare | Parts 1 to 199 effectively detailing the following sections:

The Privacy Rule

  • 164.500: Applicability
  • 164.501: Definitions
  • 164.502: Uses and Disclosures of Protected Health Information: General Rules
  • 164.504: Uses and Disclosures: Organizational Requirements
  • 164.506: Uses and Disclosures to Carry out Treatment, Payment, or Health Care Operations
  • 164.508: Uses and Disclosures for which an Authorization is Required
  • 164.510: Uses and Disclosures Requiring an Opportunity for the Individual to Agree or to Object
  • 164.512: Uses and Disclosures for Which an Authorization or Opportunity to Agree or Object is Not Required
  • 164.514: Other Requirements Relating to Uses & Disclosures of Protected Health Information
  • 164.520: Notice of Privacy Practices for Protected Health Information
  • 164.522: Rights to Request Privacy Protection for Protected Health Information
  • 164.524: Access of Individuals to Protected Health Information
  • 164.526: Amendment of Protected Health Information
  • 164.528: Accounting of Disclosure of Protected Health Information
  • 164.530: Administrative Requirements
  • 164.532: Transition Provisions
  • 164.534: Compliance Dates for Initial Implementation of the Privacy Standards

The Security Rule

  • 164.302: Applicability
  • 164.304: Definitions
  • 164.306: Security Standards: General Rules
  • 164.308: Administrative Safeguards
  • 164.310: Physical Safeguards
  • 164.312: Technical Safeguards
  • 164.314: Organizational Requirements
  • 164.316: Policies and Procedures and Documentation Requirements
  • 164.318: Compliance Dates for Initial Implementation of Security Standards