HIPAA Compliance

The high value of health care data makes health care organizations and the external vendors that partner with them significant targets for cybercriminals.

Taking a proactive approach to HIPAA compliance not only helps keep your organization current with legal requirements, but could also help prevent the hefty fines and damage control that accompany a breach. With more than 50 administrative, technical, and physical control requirements to satisfy under the HIPAA Security Rule, verifying your security standing can be a complex process, and potential gaps are often overlooked by the internal teams that implement and administer the controls.

With guidance from our professionals, you can complete risk assessments to align your controls with HIPAA security and privacy rules and protect the information of your patients and clients, while helping to reduce the risk of a data breach.

Solutions to Safeguard Current and Future Risks

Taking a comprehensive, forward-looking approach to HIPAA compliance, our professionals help position your cybersecurity processes and controls for long-term success, so you can identify compliance or risk gaps before a potential cyberattack.

Risk assessments can help a range of organizations including:

  • Hospitals, medical clinics, health plans, and other health care organizations
  • Software as a Service providers and other contractors serving the health care industry
  • Organizations storing employee health information

How the HIPAA Compliance Process Works

Developing a work plan for your organization, our professionals will help you:

  • Identify where protected health information (PHI) is acquired, transmitted, and stored within your systems
  • Review policies, procedures, and control implementations
  • Observe system settings and data protection mechanisms to secure electronic PHI
  • Conduct penetration testing to validate controls against the HIPAA safeguards
  • Assess the design and effectiveness of controls and their alignment with the HIPAA safeguards

Following testing, you’ll receive a detailed report outlining all identified HIPAA security regulations and corresponding findings, as well as risk ratings with remediation recommendations to help you address and navigate potential vulnerabilities and gaps in compliance.

Expansive Health Care and Cybersecurity Experience

With dedicated Cybersecurity Services lines, our professionals have extensive knowledge of cyber-risk frameworks. Our collaborative approach takes the time to understand your organization’s specific needs and to develop solutions that fit your environment in the context of broader industry trends and activity.

Deeply immersed within the health care industry, our professionals understand the nuanced operations of health care organizations and the demands they require of their vendors.

While many organizations bring on contract specialists for HIPAA engagements, our professionals are dedicated to compliance services full-time and have built collaborative working relationships through their extended experience together.

Baker Tilly US, LLP, Baker Tilly Advisory Group, LP and Moss Adams LLP and their affiliated entities operate under an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable laws, regulations and professional standards. Baker Tilly Advisory Group, LP and its subsidiaries, and Baker Tilly US, LLP and its affiliated entities, trading as Baker Tilly, are members of the global network of Baker Tilly International Ltd., the members of which are separate and independent legal entities. Baker Tilly US, LLP and Moss Adams LLP are licensed CPA firms that provide assurance services to their clients. Baker Tilly Advisory Group, LP and its subsidiary entities provide tax and consulting services to their clients and are not licensed CPA firms. ISO certification services offered through Moss Adams Certifications LLC. Investment advisory offered through either Moss Adams Wealth Advisors LLC or Baker Tilly Wealth Management, LLC.