Internal Patient Privacy Complaint Investigation and Resolution
Patients have the right to report privacy complaints, and HIPAA requires that organizations investigate these concerns. RMHG can investigate system and application log data, interview staff, and represent your organization in complainant-facing communications, striving to determine the accuracy of complaints and deliver a report of findings and recommendations. This includes efforts to avoid escalations and follow-up complaints to the Office for Civil Rights (OCR), as well as contingency planning in case of a complaint to OCR.
Inappropriate Access to PHI Investigation and Resolution
Investigating alleged inappropriate access to PHI by your organization’s staff can be a time-consuming and burdensome process. In partnership with your HR division, RMHG can perform investigations, including staff interviews and application log and audit trail analysis, to determine if access was appropriate or inappropriate, along with recommendations for appropriate sanctions and remediation.
Interim Privacy Officer
Are you a Privacy Officer who will be away from your position for an extended period of time and need someone to perform your job duties in your absence? Is your organization’s Privacy Officer taking an extended leave or have they resigned? RMHG can provide interim Privacy Officer staffing.
HIPAA Security Duties Outsourcing:
Virtual CISO as a Service
The Virtual Chief Information Security Officer offering is intended for organizations that need an expert and seasoned information security leader to own the growth of the information security program but do not require an expensive and hard-to-find permanent, full-time CISO on staff.
Technology Contract and Business Associate Agreement Negotiation
Are you a covered entity dealing with business associates that are not sophisticated in understanding covered entity information security requirements? Have you reached stalemates on issues such as remote access, medical device security vigilance, or the right to audit HIPAA Security Rule compliance? RMHG can negotiate in good faith and represent your organization with your best interest foremost while seeking paths to reasonable and acceptable compromise in order to enable secure acquisition of technology.
Technology Project Information Security Review
HIPAA requires that baseline security assessments be performed for implementations of systems that handle ePHI, as well as for upgrades to systems that handle ePHI. If you are implementing new technology or performing a major upgrade, RMHG can assess the security vigilance of applications and technology.
Interim Information Security Officer
Is your organization without an acting Information Security Officer? RMHG can provide information security strategic and tactical leadership to keep your organization on track during extended periods when an Information Security Officer is not present.
Interim Information Security Manager
Does your organization have a current vacancy in the Information Security Manager position? RMHG provides operational information security expertise to manage the day-to-day operations of your information security program while you search for a permanent candidate.
NIST SP 800-53A Application Security Controls Assessment
In addition to complying with HIPAA, it’s in the best interest of organizations to “do the right thing” and be vigilant to protect systems that handle ePHI by verifying and implementing appropriate application security controls with industry-standard frameworks like NIST SP 800-53A. RMHG can provide NIST SP 800-53A application security controls assessment for technology that you are acquiring or that your information technology department is developing in-house.