How Pit Crew handles HIPAA Compliance
Pit Crew IT Services provides experts in managed IT services. Third Rock (thirdrock.com), based in Round Rock, specializes in HIPAA compliance. Pit Crew has partnered with Third Rock so that we perform the HIPAA technical auditing and Third Rock performs the HIPAA privacy auditing.
We put it all together, and Third Rock handles the logging of data, reporting, live interview/training process, and live result overview. In addition, Third Rock will help you create, update, and maintain policies and procedures regarding your HIPAA compliance. Lastly, Third Rock is always available to answer any other HIPAA compliance questions you might have.
By putting our two companies together, we feel we have one of the best, all-encompassing HIPAA offerings you can get your hands on. It’s not a packet you download online. You work with real people who tailor a HIPAA compliance solution to your specific needs. Go beyond compliance. Get HIPAA Compliance 360 and protect every aspect of your company.
Don’t wait. Start the HIPAA Assessment process today.
Enhanced HIPAA Compliance & Risk Assessment
HIPAA Compliance Risk Assessment
- Includes 3 hours of phone support to assist with setup, assessment, and remediation
- Onsite walkthrough performed by Pit Crew
Risk Assessment Summary
- Survey covering Administrative, Physical, Technical, and Organizational Safeguards.
- NIST SP800-66 and HHS OCR Compliant Assessment
HIPAA Risk Assessment Deliverables
- Risk Assessment Report with Compliance Scores
- Organization-wide Results Report
- Individual Survey Results Reports
- Remediation Plan
- Risk Register – Remediation list containing highest priority Risks and Corrective Actions.
- Business Associate Agreement Review and Compliance Recommendations
- Government audit preparation and support if required, including report generation and database tool assistance
- Audit assistance available (purchased separately as needed)
- One Year of HIPAA Compliance Support via e-mail
- One Year CompassDB Access
- Officer Training for CompassDB
- Real-time HIPAA Compliance Scoring
- HIPAA Body of Evidence Development and Management
- Policies and Procedures Access and Maintenance
- HIPAA Training Delivery and Logging (purchased separately as needed)
- One Year of HIPAA Compliance Support via e-mail and phone
Customized HIPAA Policies and Procedures
- Automatically updates to keep current with requirements
- Fully searchable
- Downloadable PDF for easy sharing with staff
- Risk Management Plan
- Breach Protocols and Procedures
- Set of log registers to track HIPAA
- Maintained and delivered electronically
Contingency Plan and IT Plan
- Ready to use, takes a few hours to customize
- Provided in PDF and MS Word format
- Saves around 60-160 hours of work
Want to see what we do for the healthcare industry?
What is HIPAA?
If you’re looking for information on HIPAA compliance, you likely already know what HIPAA is. In case you aren’t familiar, the acronym HIPAA stands for the Health Insurance Portability and Accountability Act. HIPAA sets the standards for managing “protected health information,” or PHI. PHI covers essentially any data associated with a patient, from personal details to test results.
When this information is stored electronically, HIPAA refers to it as ePHI. HIPAA compliance means protecting patient data according to a defined set of standards, and those standards in turn impose specific requirements on network security and management. Organizations must protect any ePHI they send, receive, store, or create.
Who is affected by HIPAA Compliance?
HIPAA compliance is required of the following groups:
- “Covered entities” – Any healthcare organization that handles ePHI such as hospitals, doctors, dentists, pharmacies, and health insurance providers.
- “Business associates” – Service providers that send, receive, store, or create any ePHI for a “covered entity”. This also extends to subcontractors of business associates if they handle ePHI. Examples of business associates include CPAs, attorneys, IT providers, billing services, and labs.
- “Workforce” – Any person associated with a “covered entity” or “business associate”. Employees, interns, volunteers, and anyone else under the “direct control” of the organization fall into this category.
You can read the full details of HIPAA for professionals on the HHS website.