NASHVILLE, Tenn.--(Kroll Advisory Solutions, the global leader in risk mitigation and response, today announced the release of its HIPAA Self Risk Assessment (HSRA) for use by covered entities that are required to comply with HIPAA and HITECH regulations. Kroll has based the self-guided assessment on HIPAA standards and HITECH provisions, industry best practices, and guidance from the National Institute of Standards and Technology (NIST).)--
“Grant Peterson is a leader in this field and brings a dynamic blend of HIPAA regulatory and audit preparation expertise to the project.”
Kroll Advisory’s assessment and its results will help covered entities and business associates identify vulnerabilities that may endanger Protected Health Information (PHI) within their IT systems, and recognize opportunities to improve privacy and security. Questions based on the HIPAA Privacy and Security Rules, and HITECH Act implementation specifications have been segmented and mapped into a user-friendly format that also displays links to authoritative resources, helpful tips, and the regulations themselves. The final report, which documents completion of the assessment, includes overall scoring for an “at-a-glance” view, as well as full responses to each question, and guidance toward a better understanding of next steps.
Developed in collaboration with Grant Peterson, JD, chief compliance officer and founder of HIPAA Analytics, the tool produces valuable performance measurements, remediation insight, and forms for attestation of HIPAA and HITECH compliance status. It is delivered via Kroll’s secure client portal for on- demand access, collaboration among multiple stakeholders, and reporting review. The competitively priced program allows for one year of unlimited access. The assessment may be taken as often as desired within a 12-month period, supporting the HHS recommendation for periodic review and update as a health care organization adopts new technology or business methods.
Such updates in health care settings are inevitable, as providers and payers march toward the 2015 Meaningful Use deadline established in 2009, when Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act. Almost $30 billion was set aside in incentives to encourage doctors and hospitals to adopt and “meaningfully use” Electronic Health Records (EHRs), shifting from physical to digital patient data. HITECH established penalties for non-compliance as well, both in the form of fines and through the reduction of Medicare/Medicaid payments.
“When the HIPAA Security Rule set forth the expectation to perform a risk assessment, there was no specific guidance about what to do, or how,” said Danny Creedon, a Managing Director and leader of Kroll Advisory Solutions’ IT Risk Assessment offerings. “The concept of ambiguity combined with penalty created more than a little concern among our health care clients.”
“Kroll has been conducting and consulting around risk assessments for years. However, when we began developing the health care-specific model, it was important to supplement our expertise with an insider’s grasp of health care’s distinct regulatory environment,” said Brian Lapidus, a Senior Vice President with Kroll Advisory Solutions. “Grant Peterson is a leader in this field and brings a dynamic blend of HIPAA regulatory and audit preparation expertise to the project.”
More than just a standalone assessment, this product is augmented with Kroll’s unique capabilities and end-to-end approach to information security. Health care organizations need a dynamic approach to evaluating and managing IT data security risks, and Kroll delivers this with insight and expertise in analyzing organizational results and offering next steps.
The HIPAA Self Risk Assessment illustrates Kroll’s ongoing service to health care, reflected through its work with HIMSS Analytics on the 2008-2012 patient data privacy studies and its resolution of breach events. The new HSRA tool is the first in a series of new risk assessment tools from Kroll.
About Kroll Advisory Solutions
Kroll Advisory Solutions, the global leader in risk mitigation and response, delivers a wide range of solutions that span investigations, due diligence, compliance, cyber security and physical security. Clients partner with Kroll Advisory Solutions for the highest-value intelligence and insight to drive the most confident decisions about protecting their companies, assets and people.
Kroll Advisory Solutions is recognized for its expertise, with 40 years of experience meeting the demands of dynamic businesses and their environments around the world. Headquartered in New York with offices in 29 cities across 17 countries, Kroll Advisory Solutions has a multidisciplinary team of 700 employees.
Kroll Advisory Solutions is an Altegrity company. Learn more at www.krolladvisory.com.