The Circumstances and Challenges
The organization was in the final phase of a due diligence process to complete the sale/purchase of its urgent care clinic network, with over 55 locations. During this process a third-party independent HIPAA Risk Analysis was required, addressing the security rule and privacy and breach rule, as well as reviewing policies and procedures and related information security manuals.
The Selection of a Consulting Firm
An unusual level of sensitivity and confidentiality was requested, resulting in the clinic network’s legal counsel making the consulting arrangements with The Fox Group, LLC. As part of the HIPAA risk analysis, staff members were interviewed, consultants visited several of the locations of the clinics, policy and procedure manuals were assessed, and gaps were identified in the documentation and activities compared to HIPAA privacy and security rule requirements.
The Solution, Outcome, and ROI
The Fox Group, LLC initially provided a custom designed risk assessment checklist for the client to identify details of the system and collect available documentation. Through the interview process with significant stakeholders, and the on-site visit to various facilities, the existing regulatory compliance was assessed.
Some of the work plan details included performance of a HIPAA/HITECH risk analysis covering the HIPAA Security Rule and HIPAA Privacy/Breach Rule, and assessing current policies and practices. In addition, The Fox Group, LLC assessed the staff’s understanding of HIPAA and knowledge of current policies and practices.
Based on the observations, and the documentation reviewed, a report was provided, identifying actionable steps the client could take to come into compliance with the requirements of the HIPAA Privacy/Breach and Security Rules.
Significant findings were identified for correction, which was critical to be in compliance with regulatory agencies. The outcome minimizes the possibility of expensive fines and fees being assessed. An excellent Return on this Investment (ROI)!
The materials provided will also assist in the sustainability of HIPAA compliance throughout this Urgent Care Center network of clinics for the new owners.