
Assess your organization's HIPAA compliance covering the Privacy Rule, Security Rule, and Breach Notification Rule. Essential for covered entities and business associates handling PHI.
HIPAA establishes national standards for protecting sensitive patient health information (PHI). Enforced by the HHS Office for Civil Rights (OCR), it applies to covered entities and their business associates.
PHI use, disclosure, and patient rights
Do you have written policies governing PHI use and disclosure?
Do you apply the "minimum necessary" standard when using or disclosing PHI?
Can patients access, amend, and request accounting of disclosures of their PHI?
Do you obtain written authorization before using PHI for marketing or before selling PHI?
Security management, workforce, and access controls
Have you conducted a comprehensive risk analysis of ePHI?
Do you have a designated Security Officer responsible for HIPAA compliance?
Do you provide regular security awareness training to all workforce members?
Do you have contingency plans including data backup and disaster recovery?
Facility access, workstation, and device security
Do you have facility access controls limiting physical access to ePHI systems?
Do you have policies for workstation use and physical security?
Do you have procedures for device disposal and media re-use ensuring ePHI removal?
Access control, audit, integrity, transmission security
Do you implement unique user identification for all users accessing ePHI?
Do you encrypt ePHI at rest and in transit?
Do you maintain audit logs tracking access to ePHI?
Do you have automatic logoff and session timeout for systems with ePHI access?
Incident response and notification requirements
Do you have documented breach identification and response procedures?
Can you notify affected individuals within 60 days of discovering a breach?
Third-party vendor compliance
Do you have Business Associate Agreements (BAAs) with all vendors accessing PHI?
Do your BAAs include required provisions (permitted uses, safeguards, breach reporting)?
Do you periodically assess business associate compliance?
Our consultants help healthcare organizations implement HIPAA-compliant systems, conduct risk assessments, and prepare for OCR audits.
The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, establishes national standards for protecting sensitive patient health information. The law includes the Privacy Rule, Security Rule, Enforcement Rule, and Breach Notification Rule.
Penalties range from $100 to $50,000 per violation (up to $1.5 million annually per category). Criminal penalties include up to $250,000 and 10 years imprisonment for willful violations.