If your organization is defined as a covered entity or a business associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that handles electronic protected health information (“ePHI”), you are required to implement policies necessary to secure such information in accordance with the HIPAA Security Rule.  Additionally, the HITECH Act includes requirements for organizations that store ePHI to implement procedures to report the breach of unprotected ePHI.  AARC-360 can help you by performing an assessment to determine your organization’s compliance with the HIPAA Security Rule and will evaluate your incident response and breach reporting procedures against the HITECH requirements.

AARC-360 can either issue an Attestation of Compliance report in accordance with AICPA’s Statement on Standards for Attestation Engagements No. 18 (AT-C Section 105, Concepts Common to All Attestation Engagements; AT-C section 315, Compliance Attestation) for the HIPAA Security Rule.  Alternatively should the organization need a report only for internal use, AARC-360 can issue an Assessment report with results of our assessment including gaps wherever identified and recommendation to remediate them.