HIPAA Compliance

Any organization maintaining or transmitting electronic Protected Health Information (ePHI) must comply with HIPAA. And that now includes business associates, like contractors and subcontractors that perform services on behalf of a covered entity. So if you find yourself under the HIPAA umbrella, you need a skilled team to help you prove compliance.

38North’s senior-level consultants currently support multiple healthcare and research providers, and we have significant experience measuring HIPAA compliance and implementing an arsenal of required safeguards. Trust Us to Get You There.

Contact Us Now

38North Is Your HIPAA Cloud Advisor

HIPAA compliance has been around since the mid-1990s — longer than today’s modern cloud infrastructure. When healthcare met the cloud, the importance of HIPAA grew exponentially. And we go back to the very start of that intersection, as the original cloud security consultants — helping healthcare organizations protect ePHI in the cloud.

Core HIPAA / HITECH Rules and Requirements

HIPAA is comprised of three separate rules, each of which have specific requirements for the handling and disclosure of ePHI. Knowing what to do with which, and when, can sometimes be confusing.

Security Rule

Privacy Rule

Breach Notification Rule

Security Rule

The HIPAA Security rule requires administrative, physical and technical controls to be in place to protect ePHI. Risk assessments must be conducted to prevent unauthorized access, and covered entities and business associates must comply with the rules.

Privacy Rule

The HIPAA Privacy Rule establishes rules and regulations for the use and disclosure of personal health information, governs patient consent when it comes to data sharing, and outlines patient rights regarding their data.

Breach Notification Rule

The HIPAA Breach Notification Rule requires organizations to notify affected individuals, HHS, and in certain cases the media, if there is a potential risk of data breach.

38North HIPAA Compliance Services

We take a holistic view of your compliance challenges, integrate them into your existing information security and privacy programs, while remaining sensitive to your budgetary and resourcing constraints.

HIPAA Gap Analysis

This is perfect for organizations that are new to HIPAA/HITECH regulations and don’t know how to get started. Our HIPAA gap analysis educates you on the process while taking a look at your information security and privacy programs to see how they fare against the three HIPAA rules. We also advise you on how much it will cost to attain HIPAA/HITECH compliance, identify any risks and/or challenges and focus on the most critical items to get you ready for action.

HIPAA Risk Assessment

We conduct a detailed HIPAA-focused risk assessment to gain an understanding of your business and existing security and privacy controls to see how they fare against all HIPAA/HITECH requirements. We then present you with a detailed roadmap with prioritized recommendations on remediating weaknesses with existing administrative, physical and technical safeguards.

HIPAA Remediation Support

Once you’ve obtained an unbiased view of your compliance posture, it’s time to start planning, developing and implementing remedial measures. This may be in the form of new technologies, policies, plans and/or procedures or training and awareness sessions. It also may include tailoring organizational processes to squeeze a little more out of your existing investments.

Let’s Get (and Keep) You HIPAA Compliant

Book an initial HIPAA compliance conversation with one of our global security experts today and we’ll show you how compliance can help open new markets and provide industry-leading assurance.

Contact Us

Name(Required)

First Name Last Name

Company Name

Email Address

Phone Number

Message

(Please do not provide additional PII in this box)

Phone

This field is for validation purposes and should be left unchanged.