HIPAA Compliance

STIGroup has a significant track record of success with organizations in the healthcare industry. We work with companies on the execution of the strategic and tactical initiatives required for HIPAA Compliance as well as any overlapping or supplementary regulatory requirements applicable to your business such as FDIC, GLBA, and PCI-DSS. Our services, project methodology, and best-of-breed vendor partnerships allow us to work with your organization to achieve and maintain regulatory compliance in a cost-efficient manner, while effectively aligning your regulatory compliance strategy with the goals of your business.

STIGroup has a HIPAA Consulting program specifically designed to help your business address the challenge that HIPAA compliance presents. Our experienced consultants will work with your team to take you through the HIPAA Compliance process cost-effectively. They will:

  • Identify your organizational, policy, procedure, and documentation requirements and scope for HIPAA (and identify technical and procedural strategies for minimizing the scope, thereby reducing the cost of compliance).
  • Assess and evaluate the application of the required Administrative, Technical and Physical safeguards to establish the Confidentiality, Integrity and Availability of ePHI.
  • Clearly identify the gaps in your existing policies, procedures, and technical implementations that require remediation.
  • Define a specific action plan to achieve a HIPAA-compliant state, including budgets, timelines, and resource plans.
  • Execute most required remediation tasks and complete the appropriate documentation, including policies and compensating controls, in a timely fashion.
  • Assist Covered Entities with the implementation of reasonable and appropriate policies and procedures to comply with the Privacy & Security regulations to protect ePHI.
  • Conduct Business Associate and Subcontractor reviews to confirm all requirements are met.

For organizations that have already achieved HIPAA compliance or are currently in the process of doing so, STIGroup offers consulting services to supplement your current efforts by providing resources and expertise to fill a gap or execute on a tactical project. Our experienced and talented professionals will work with your organization to help you achieve your compliance goals. Our HIPAA-specific service offerings include the design, implementation, and/or remediation of:

Technical Safeguards
  • Access Control
  • Audit Control
  • Integrity
  • Person or Entity Authentication
  • Transmission Security
Administrative Safeguards
  • Security Management and processes
  • Workforce security and Information Access Management
  • Security Training, Incident Response procedures
  • Contingency Plan, Evaluation, Business Associate Contracts
Physical Safeguards
  • Facility Access Controls
  • Workstation Use & Security
  • Device & Media Controls
Organizational Requirements
  • Business Associate Contracts
  • Other Agreements
  • Policies, Procedures, and Documentation Requirements