Safeguard PHI across the Security, Privacy and Breach Notification Rules.
HIPAA compliance for covered entities and business associates: Security Rule administrative/physical/technical safeguards, Privacy Rule minimum-necessary and consent, Breach Notification Rule chains. Optional HITRUST CSF r2 uplift.
Administrative, physical, technical safeguards; encryption in transit and at rest; audit controls.
Notice of Privacy Practices, minimum necessary, patient access rights.
Risk-of-compromise assessment, HHS/OCR notification workflow, media notification thresholds.
HIPAA is the law; HITRUST CSF is a prescriptive framework enterprise health plans often require in vendor DDQs.
A senior consultant will respond within one business day with a scoping questionnaire and proposal outline.