Information Technology Blog

Medical Practices and Their Business Associates Must Show Proof of HIPAA / HITECH Compliance

Did you know that, as a medical practice, you could be required to show proof of HIPAA / HITECH compliance for your organization, as well as for every business associates that handle your Patients Health Information (PHI)?

All medical practices and their Business Associates—including doctors, dentists, chiropractors, nurses, psychologists and other professionals that handle Patient Health Information (PHI)—are required to achieve and maintain security and compliance with the regulations set forth by the HIPAA and HITECH Acts. Security and compliance proof must be made available for review by auditors, and non-compliance can result in criminal penalties, fines, and even imprisonment for individual owners, employees, and Business Associates of any Covered Entity. In addition to their own practices, Covered Entities are also responsible for their Business Associates.

To comply with HIPAA and HITECH regulations, Covered Entities and Business Associates must prove they have appropriate PHI-handling processes in use. Likewise, Covered Entities must have written agreements and proof-of-compliance documentation from all Business Associates and subcontractors with access to PHI. When conducting audits, federal officials will check to see if organizations have implemented appropriate controls and safeguards to prevent unauthorized access and disclosure of sensitive patient data.

In addition to the requirements, the federal government also offers incentives to Covered Entities. Reimbursements totaling as much as $44,000 can be awarded to those that meet the Meaningful Use criteria, which include 15 Core-set requirements.

Through our partnership with eGestalt (, we are pleased to announce the availability of the latest version (V11) of our web-based security and compliance tool.  Using eGestalt’s tool, SecureGRC, we are able to create a HIPAA/HITECH Business Associate Compliance Assessment, which conducts an accurate and thorough analysis of an organization’s current compliance status.  Thanks to our joint efforts with eGestalt, we can offer our customers a comprehensive solution that quickly and cost-effectively enables governance, risk management and compliance.

Is your medical practice and all of the business associates that handle your patients' PHI compliant with HIPAA / HITECH regulations? We can help ensure that information is secure.

Contact one of our Technology Partners by leaving a comment below, or by calling 440-449-6800.


This entry was posted in Information Technology. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Both comments and trackbacks are currently closed.
© Copyright 2016 Skoda Minotti | Privacy Policy | Disclaimer | Remote Support
Cleveland 440-449-6800 | Akron 330-668-1100 | Tampa 813-288-8826
Website designed and developed by Skoda Minotti Strategic Marketing