HIPAA Compliance Assessment

Maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) is more important than ever.

Penalties for noncompliance with HIPAA and the HITECH Act can quickly escalate to millions of dollars, and the provisions affecting covered entities and business associates are wide-ranging. Media reports of security and privacy breaches can also be devastating—destroying the trust of your patients, employees, vendors and business associates. This is why HIPAA compliance assessments are so critical.

Additionally, without HIPAA compliance, many covered entities (health care providers, plans and clearinghouses) and business associates (persons or organizations with access to individually identifiable health information) are unable to tap into federal "Meaningful Use" funds for implementing electronic health records (EHR).

Whether you’re applying for meaningful use funds or simply concerned about maintaining compliance with HIPAA, it’s essential to conduct regular HIPAA compliance assessments.


Questions to ask about HIPAA compliance

With so much riding on your HIPAA compliance program, it’s imperative to ask some questions before your compliance assessment begins. These include:

  • Are you certain your HIPAA/HITECH compliance program can withstand regulatory scrutiny?
  • If you're pursuing meaningful use funds from the federal government to implement EHR, is the project progressing as expected?
  • Was your most recent HIPAA assessment conducted in the last year? (If not, it may need updating to reflect changes.)
  • Did your HIPAA assessment cover both security and privacy?
  • Have you selected a certified EHR vendor? Or will you need to consider choosing, implementing or converting to a certified EHR?



Are you on the right track or do you need to change course?

Regulatory compliance is challenging for most organizations. Whether you're short of staff or simply don't have the resources with the appropriate knowledge and expertise, RSM can help you develop the policies, procedures and processes you need to achieve and maintain HIPAA compliance.


Often, clients tell us they simply "want to know what they don't know." If that sounds familiar, an RSM HIPAA/HITECH readiness review or compliance assessment will give you a clear indication of how compliant you are now, along with the specific actions required to change course.

RSM consultants assist organizations with the following HIPAA and HITECH Act compliance-related services:

  • Readiness review — determines how ready your organization is to comply with existing regulations, and includes reviewing documentation, interviewing selected managers and general observations.
  • Compliance assessment — includes an in-depth review and analysis of policies, procedures and documentation, interviews with staff and testing existing processes and controls.
  • Risk assessment — in compliance with HIPAA/HITECH regulations, we efficiently perform an accurate, thorough assessment, recording potential risks and vulnerabilities to the confidentiality, integrity and availability of protected health information.
  • Compliant policies and procedures — assists you in adding to or updating your HIPAA/HITECH policies and procedures based on findings of a readiness review or compliance assessment. Our experienced consultants can also assist in developing and implementing these policies and procedures.
  • Self-assessment training — using industry best practices, we train your personnel on how to conduct a HIPAA/HITECH compliance self-assessment. Training is customized to the attendees' experience levels.


Deep health care industry experience and knowledge

When you need outside assistance, it's important to choose the right partner. RSM understands the issues you face and works with you to customize a compliance plan that fits your organization's structure and culture.

When it comes to compliance—come to RSM. Contact us about a HIPAA compliance assessment today.
