HIPAA HITECH Compliance: No Substitute for Experience

Tuesday, May 03, 2011

Jack Anderson


A comprehensive privacy and information security program is needed to meet HIPAA HITECH, Red Flag, and other state and federal standards. 

Compliance Helper partnered with Rebecca Herold and Associates to develop the Prepare/Care program to help organizations, large and small, get compliant, stay compliant, and prove compliance with the Compliance Meter.

Rebecca Herold, CISSP, CIPP,  CISA, CISM, FLMI, has over two decades of privacy and information security experience and was recently voted the 3rd best privacy advisor in the world in competition with large law firms and consulting firms. 

She has done over 200 risk assessments and remediation of business associates. Her step-by-step process allows a client to work through templates of over 200 policies and procedures and over 80 forms, tailoring them to their organization quickly and efficiently.

But, bear in mind that compliance is a process, an ongoing process that requires attention on a monthly basis. The Care maintenance program delivers a monthly task list, updates of policies, procedures, and forms, and advice and support from your personal Helper. 

The Helper is a privacy and security expert assigned to each client to provide encouragement, advice, and occasional nagging to help them get through the process. 

The Compliance Meter provides a quick reference to the current compliance level of the client. It displays the percentage of policies, procedures, and forms that have been through the review, edit, approval cycle and the percentage of assigned tasks accomplished. 

If needed for further verification, the "drill down" features allow a third party to see all activities and view policies, procedures, and forms remotely, thus providing complete transparency.

All of this is delivered through a cloud computing model that delivers the effect of an on-site consultant at a fraction of the cost.  It is like putting a privacy and information security expert on your staff for a few dollars a day. 

Jack Anderson, CEO, and Peg Anderson, VP Client Services, have been helping clients get accredited and compliant for almost a decade. They worked together at Validare, Inc., which helps office-based surgeries get accredited with The Joint Commission, and then in 2007 started Accreditation Helper to help Durable Medical Equipment companies get accredited.

The technology platform and methodology they built for Accreditation Helper is perfectly suited for the delivery of HIPAA HITECH compliance. By partnering with Rebecca Herold in 2009, they were able to leverage her vast knowledge and experience and deliver it in a cost-effective and efficient manner.

The combined experience of Rebecca, Jack, and Peg is unmatched in the HIPAA HITECH market. They have helped hundreds of organizations of all shapes and sizes, and we can help you.

Whether you are a large enterprise looking to manage hundreds of internal business units, as well as business associates, a business associate looking to provide proof of compliance, or a very small sub-contractor, we have a solution that fits your needs and your budget.

Give us a call at 866-984-3573 ext 709, email Jack@ComplianceHelper.com or go to our website at www.compliancehelper.com for more information.

Jack Anderson: Good question, Lance. We are seeing an influx of companies from the IT sector trying to get into the HIPAA HITECH arena.
If the vendor guarantees compliance or states that they offer "HIPAA Certification", run away. No one has any authority from HHS to certify, and compliance is always the responsibility of the organization.
Check the credentials of the consultants and staff. Look for CISSP, CIPP, CISA, CISM, FLMI, etc.
Make sure they have strong healthcare backgrounds not just IT, because healthcare is quite different from other industries.
Remember it is privacy and security, because many companies focus on security to the detriment of privacy.
Get references, preferably an organization just like yours.
And always, of course, caveat emptor.