Case Analysis: Topaz Information Solutions

INTRODUCTION

1. PURPOSE

Topaz Information Solutions, LLC (Topaz) is considered a business associate under the Health Insurance Portability and Accountability Act (HIPAA). A business associate performs certain functions or activities that involve the use or disclosure of protected health information (PHI) on behalf of or for a covered entity. As a business associate (BA), Topaz is required to complete an annual security risk assessment to evaluate the physical, administrative and technical safeguards implemented to comply with HIPAA’s Privacy and Security Rules. The Privacy and Security Rules require that a covered entity obtains satisfactory assurances from its business associates that the business associate appropriately safeguards the…
The methodology included in-depth interviews with Topaz's key operational and Information Technology (IT) staff to understand and evaluate compliance with HIPAA Privacy and Security Rules. The Risk Management Team created and reviewed policies and procedures related to the HIPAA Privacy and Security Rules and identified gaps and areas of concern. The IT Supervisor and Chief Product and Technology Officer (CPTO) performed physical on-site visits to the data center to assess specific physical, environmental, and security controls. The Risk Management Team aggregated the results of the information collected into a high-level assessment matrix to identify areas of improvement. This matrix consists of addressable and required standards of the HIPAA Privacy and Security Rules.

1. HIPAA COMPLIANCE REVIEW

The HIPAA Security Rule standards specify a series of administrative, physical and technical security requirements to ensure the confidentiality of electronic protected health information (e-PHI) that is accessed, processed, used or transmitted. These standards are divided into either required or addressable implementation specifications and provide the framework for Topaz to measure compliance. The Risk Management Team performed the following actions to determine compliance with each HIPAA Rule.

2. METHODOLOGIES USED

Methodology | Description
Risk Assessment | Completed the U.S. Department
