What is a Gap Analysis?
A HIPAA Gap Analysis is a focused review and analysis of a covered entity’s or business associate’s enterprise. In addition, it will review the flow of protected health information (PHI), the information system hardware and software that use, disclose and store PHI, and the safeguards in place to protect the information. The HIPAA Gap Analysis is a great help to begin your review, but it will not take the place of a HIPAA Risk Analysis.
Items Included in a Gap Analysis
The items reviewed in a HIPAA Gap Analysis include the administrative, physical and technical safeguards that are used to protect PHI. First reviewed are administrative safeguards, which include policies, procedures, and related documents. They also include the appointment of a privacy and security official and training on the organization’s policies and procedures. Secondly, physical safeguards protect information systems and related equipment and facilities from hazards and intrusions. They also protect paper PHI that is maintained in the course of business within the organization. Finally, technical safeguards protect ePHI by applying mechanisms to protect the confidentiality, integrity and availability of the data. These safeguards control access to PHI and assure the information is true and accurate. The information must also be available for those authorized to use it to perform their job functions.
The Focus of a Gap Analysis
The analysis will determine if the entity’s policies and procedures are in compliance with the requirements of the HIPAA Privacy and Security Rules as amended by the HITECH Act (HIPAA Rules). In addition, it will identify the areas where an organization does not comply with the regulatory standards of the HIPAA Rules, affording the organization the opportunity to determine what it needs to do to come into compliance.
An IT security consultant will review the security of the electronic systems to assure they conform with industry standards and HIPAA Security Rule requirements and addressable standards.
How It Can Help You
Above all, the gap analysis will give HIPAA-covered entities and their business associates an overall view of their compliance efforts. Secondly, it will help them discover areas where they are yet to be compliant with HIPAA Rules. Finally, it will identify any gaps in the controls. Most importantly, it will give the organization a bird’s eye view of the HIPAA program’s health and its shortcomings. This will give the Privacy Officer the information needed to move forward with the program.
Cost of HIPAA Gap Analysis begins at $2,500
Most importantly, we will help your organization with a Gap Analysis to define the state of your HIPAA Privacy Plan. Finally, we can review your program and offer practical information on how best to focus your HIPAA efforts.