FAQ

PCIHIPAA specializes in compliance and data protection. We customize simple, turnkey programs for medical practices to easily protect their patient data and comply with PCI and HIPAA regulations. If you’re ever breached due to an employee error, theft or any other unforeseen emergency, we become your incident response team. We have assembled a team of experts in every area of compliance and asset protection to help you manage any data-related incident. With a PCI and HIPAA data breach reimbursement guarantee, you maintain peace of mind if a violation or data breach occurs.
First, we provide you with a HIPAA-mandated risk assessment survey to reveal any vulnerabilities. Then we create a customized compliance and data protection program to meet your needs and ensure that your data is fully protected in accordance with HIPAA. Through our data protection initiatives, we can save a practice thousands of dollars in potential data breach costs and HIPAA fines. Additionally, we will protect your practice by providing $300,000 in coverage in the event of a data breach or payment card industry violation.
We are experts in all facets of data protection and the HIPAA law. Our customized compliance and data protection program will help your practice become fully compliant and enjoy full protection in fewer than 60 days. Unlike other compliance services, we also provide protection to your practice’s assets. We take the guesswork out of PCI and HIPAA compliance and protect you from the devastating effects of potential data breaches, fines and violations.
OfficeSafe™ is a compliance tool and document portal created by PCIHIPAA that helps practices navigate HIPAA compliance and protect PHI. With OfficeSafe™, practices can more easily train their employees on HIPAA compliance with quick access to videos, quizzes and other resources; store their updated HIPAA policies and Risk Assessment results in one central location; create emergency and incident response plans; and generate customized Business Associate agreements. Practices can easily add users to their company’s account, giving their employees access to all of their compliance documents and resources.
Our proven formula can fix most practices’ key vulnerabilities within 60 days. We work closely with your HIPAA Security Officer or Office Manager to quickly and easily help mitigate your risk and, most importantly, keep your patient data safe.
PCI stands for Payment Card Industry. If your practice accepts any form of electronic payment, you must be PCI compliant. PCI compliance is governed by the payment card industry itself rather than by a government agency.
At a minimum, you must complete an annual Self-Assessment Questionnaire (SAQ). In addition, you must perform a scan of your public IP address every quarter to ensure it is not exposed to attack. Your credit card processor will often charge you additional fees if you have not provided documentation that you are PCI compliant. Every practice must also have a credit card terminal that can accept chip cards (EMV); otherwise, you face additional liability for any fraudulent credit card activity.
A Business Associate (BA) is a person or entity (other than a member of the practice’s workforce) that provides services to the practice involving access to protected health information. HIPAA requires that covered entities and their BAs enter into contracts (Business Associate agreements) to ensure that BAs appropriately safeguard health information.
All covered entities under HIPAA must securely back up “retrievable exact copies of electronic protected health information” (CFR 164.308(7)(ii)(A)). Your data must be recoverable, and you must be able to fully “restore any loss of data” (CFR 164.308(7)(ii)(B)). In addition, you must store your backups off site: data is not properly secured if the only backup copy is stored in the same location as the original, because a single fire, flood or theft would destroy both.
We wish it were that easy. The Omnibus Rule made significant changes to HIPAA’s Privacy, Security, Breach Notification and Enforcement Rules. It became effective on March 26, 2013, and covered entities had 180 days from the effective date to become compliant. We advise our clients to start with a Risk Assessment to better understand their vulnerabilities. There is no HIPAA certification. However, PCIHIPAA makes it easy to establish a culture of compliance by taking the right first steps. Take Your Mandatory HIPAA Risk Assessment. Visit http://pcihipaa.com or call 800.588.0254.
A Risk Assessment is mandatory. Under the HIPAA Security Rule § 164.308(a)(1)(ii)(A), a Risk Assessment is the foundation for understanding the vulnerabilities and threats to your practice. It’s critical that you take the steps to understand them.
The rules are enforced by the Office for Civil Rights (OCR). Fines range from $100 to $50,000 per violation, and up to $1,500,000 annually if a practice knowingly neglects to correct a HIPAA violation.
Generally not. However, PCIHIPAA’s Compliance Program provides a guaranteed expense reimbursement policy of $100,000 per incident for a HIPAA violation and $200,000 for a PCI violation and/or a data breach.
Encryption is a method of converting readable text (plaintext) into encoded text (ciphertext) by means of an algorithm and a secret key, so that only someone holding the key can recover the original. If, after a Risk Assessment, the practice has determined that encryption is an appropriate safeguard for the confidentiality, integrity and availability of patient information, then it is required.
To learn more about PCIHIPAA, visit http://pcihipaa.com or call 800.588.0254.