HIPAA Risk Assessment: Telemedicine or House Call?

January 13, 2016

HIPAA Risk Assessment: Telemedicine or House Call?

House calls were a 19th century approach to medicine which died out for a simple reason, cost. Yet for many consulting companies this is still their approach to doing a HIPAA risk assessment. Put a $250 an hour consultant on an airplane and send them to the patient (client) with a clipboard and a checklist. Repeat the process until the proper amount of revenue has been created and then produce a report.

Back in 2001 we encountered the same model for helping healthcare organizations get accredited with JCAHO. Send a consultant with a binder of policies and procedures, repeat as necessary. It was inefficient, costly, and not very effective.

We had the brilliant idea of delivering the same consultant and the same content over the Internet! The consultant and the client could communicate through our software and the consultant could check and approve their work. This was more efficient and less costly for the client and enabled the consultant to handle many more clients without leaving home. In 2009 we applied this same model to HIPAA compliance and we have helped hundreds of covered entities and business associates, get compliant, stay compliant, and prove compliance with our Compliance Meter®.

Our partner, Automated Compliance Reporting (ACR2 Solutions) had the same brilliant idea for risk assessment. Their tools allow their consultants to work with clients through the Internet. If needed an SCAP scanner can be attached to the client’s network to do a technical assessment. Their on-line process is based on the NIST protocol which is the gold standard for risk assessment. The tool leads the client through a series of questions assisted by the consultant. Combined with the network scan this produces a Risk Assessment Report and Gap Analysis. This tool can be used for periodic risk assessments to track progress and focus compliance efforts.

Working together we have now developed a new program built on our well proven tools. Jumpstart was specifically developed for covered entities and business associates with 1-20 employees. Based on the “reasonable and appropriate” concept approved by HHS, Jumpstart can get an organization into initial HIPAA compliance in 72 hours and through the Cycle of Compliance, keep them compliant.

Telemedicine is a 21st century innovation that is reshaping the healthcare industry and Compliance Helper and ACR2 Solutions are offering the same approach to HIPAA compliance. Don’t settle for the 19th century approach of a house call.

For more information go to www.compliancehelper.com and try the Free HIPAA Risk Assessment.


Back to News