Thu, Apr 4, 2013

New Kroll Risk Assessment Tool Helps Healthcare Business Associates & Subcontractors Address HIPAA Final Rule Compliance

Kroll Advisory Solutions, the global leader in risk mitigation and response, today announced the release of its Business Associate HIPAA Self Risk Assessment (BA HSRA). Kroll’s self-guided assessment is based upon HIPAA provisions, security best practices, and guidance from the National Institute of Standards and Technology (NIST).

The HIPAA Final Rule solidifies stringent data privacy and security requirements for business associates (BAs) and subcontractors. Businesses that provide services to covered entities like hospitals and physician practice groups may not be familiar with healthcare terminology or HIPAA requirements. While BAs and subcontractors may perform very different functions than does a healthcare provider, they are still required to comply in full with the HIPAA Security Rule and may also be required to comply with certain aspects of the HIPAA Privacy Rule. Kroll Advisory’s risk assessment tool and its results are designed to help BAs and subcontractors across a vast range of industries identify vulnerabilities within their Administrative, Physical, and Technical Security safeguards and pinpoint privacy aspects where improvement is needed.

“Under the Final Rule, an organization will be considered a business associate if it meets the definition, regardless of whether it has a business associate agreement in place,” said Brian Lapidus, head of the incident response and remediation group at Kroll Advisory Solutions. “Businesses that might not have known they were even considered accountable now find themselves directly liable for the security of sensitive Protected Health Information (PHI).”

Developed in collaboration with Grant Peterson, JD, chief compliance officer and founder of HIPAA Analytics, the Kroll tool produces valuable performance measurements, remediation insight, and forms for attestation of HIPAA compliance status. It is delivered via Kroll’s secure client portal, providing on-demand access, collaboration among multiple stakeholders, and reporting review. The competitively priced program allows for one year of unlimited access. The assessment may be taken as often as desired within a 12-month period.

“The HIPAA Omnibus rule has greatly expanded the scope of organizations required to comply, which will likely catch some vendors off guard, especially those who never considered themselves subject to enforcement by the OCR,” said Danny Creedon, a managing director and leader of Kroll Advisory Solutions’ IT Risk Assessment offerings. “Ultimately, the rule affects any organization that creates, receives, maintains, or transmits PHI for a covered entity. We strongly encourage these businesses to re-evaluate their risk management protocols as the OCR has indicated that HIPAA compliance audits will resume in the fall of 2013.”

Kroll’s risk assessment is mapped into a user-friendly format and contains links to authoritative resources, helpful tips, and the regulations themselves. The final report, which documents completion of the assessment, includes overall scoring for an “at-a-glance” view as well as full responses to each question and guidance on next steps. More than just a standalone assessment, this product can be augmented with Kroll’s unique capabilities and end-to-end approach to information security. Business associates need a dynamic approach to evaluating and managing IT data security risks, and Kroll delivers this with insight and expertise in analyzing organizational results and offering next steps.

About Kroll Advisory Solutions
Kroll Advisory Solutions, the global leader in risk mitigation and response, delivers a wide range of solutions that span investigations, due diligence, compliance, cyber security and physical security. Clients partner with Kroll Advisory Solutions for the highest value intelligence and insight to drive the most confident decisions about protecting their companies, assets and people.

Kroll Advisory Solutions is recognized for its expertise, with 40 years of experience meeting the demands of dynamic businesses and their environments around the world. Headquartered in New York with offices in 29 cities across 17 countries, Kroll Advisory Solutions has a multidisciplinary team of 700 employees.