Our Compliance services are designed to help organizations ensure that they are aware of, and take the steps necessary to comply with, relevant laws and regulations such as the HIPAA Security Rule or the Federal Information Security Management Act (FISMA). We can assist you by performing an assessment to determine your organization’s compliance with applicable laws and regulations and reporting on the results of our assessment.
Select a Compliance Solution
If your organization is defined as a covered entity or a business associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that handles electronic protected health information (“ePHI”), you are required to implement policies necessary to secure such information in accordance with the HIPAA Security Rule.
We can assist organizations that are required to comply with the Federal Information Security Management Act (FISMA), whose requirements may call for an independent assessment of their security controls in accordance with the National Institute of Standards and Technology (“NIST”) Special Publication 800-53 rev3 (“SP 800-53”).
The enactment of the Patient Protection and Affordable Care Act (ACA) of 2010 led to the creation of the federal and state Health Insurance Exchanges (HIXs or marketplaces), which facilitate the purchase of health insurance by consumers and small businesses. The Exchanges handle Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Tax Information (FTI), and the functions of the Exchanges require data from various federal agencies, including the Department of Health and Human Services (HHS), Internal Revenue Service (IRS), Social Security Administration (SSA), and Department of Homeland Security (DHS).
The Gramm-Leach-Bliley Act (GLBA) of 1999 requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.