HIPAA Consulting
HIPAA consulting firms are most often firms of compliance experts with a deep understanding of the Health Insurance Portability and Accountability Act and associated legislation that can provide advice to HIPAA-regulated entities about HIPAA and HITECH compliance. Usually, each firm has a team of consultants specializing in various aspects of the Act, with their areas of expertise including risk assessments, training, and incident management.
The role of a HIPAA consulting services firm is to assist Covered Entities (CEs) and Business Associates (BAs) with the compilation and enforcement of HIPAA compliant policies and strategies. The firm´s involvement in an organization´s compliance efforts is no guarantee that a breach of PHI will not occur, but it can be a mitigating factor in subsequent OCR investigations.
Who Needs HIPAA Consulting Services?
Ideally everybody. Not necessarily to guide CEs and BAs along the complex path of compliance from start to finish, but sometimes just to audit HIPAA policies and strategies in order to identify any gaps or areas in which compliance efforts could be improved. The Privacy and Security Rules are particularly complex, and a fresh pair of eyes can often see things that a team of legal experts overlooks.
One problem with engaging a HIPAA consulting services firm is evaluating the benefit if a CE or BA does not subsequently suffer a breach of PHI. What is the likelihood it would have suffered a breach anyway? Of course, suffering a breach of PHI after a consultant has reviewed a CE´s policies and strategies is not necessarily the fault of the consultant. It could have been due to an act by a rogue employee.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
How Much Does HIPAA Consulting Cost?
That depends on the size of the CE or BA, its “compliance complexity” and the level of assistance required. HIPAA consulting fees can range from a few hundred dollars into the tens of thousands according to whether a consultant is required to review a handful of documents to ensure they are compliant, or whether the CE or BA needs start to finish HIPAA guidance.
Regardless of the cost of HIPAA consulting, it can be a worthwhile investment. It only takes one avoidable gap in HIPAA compliance policies or strategies for a breach of PHI to occur and the OCR to issue a considerable fine. Even without a breach occurring, a CE or BA can be issued a fine for non-compliance with HIPAA following an audit or other investigation.
How Do I Know if I Need HIPAA Consulting Services?
As a CE or BA, you should have a security awareness and training program based upon the results of HIPAA risk assessments. The simplest and most cost-efficient way of finding out if you need HIPAA consulting services is to have a consultant review your training programs. If there is anything missing from your training programs, the likelihood is there is room for improvement elsewhere in your HIPAA compliance efforts.
