Conducting business or evaluating opportunities in the healthcare space but unclear how to navigate the HIPAA Security and Privacy rules, or the Breach notification safeguards?

Leverage our cloud and cyber expertise to ensure the appropriate security, privacy and breach safeguards are in place to keep your business moving forward with confidence.

Why Choose Fortreum?

We simplify cloud and cybersecurity for our customers

Fortreum has enterprise grade experience with the right blend of technical and analytical experience to support your cybersecurity and cloud needs.

Contact us to discuss your cyber and cloud business needs. We’re happy to share our insights and work with you as your business evolves.

    Business Considerations

    Know What You Have

    Knowing what IT assets you have, how its protected (logical and physical) and where it exists are critical management functions for any organization responsible for HIPAA compliance. We recommend a HIPAA Gap Assessment to gain a better insight into your internal boundary, ePHI discovery, risk management, vulnerability management, 3rd party providers to ensure you understand HIPAA requirements.

    HIPAA & Cloud Considerations

    Are you leveraging cloud services and assume you inherit their HIPAA (enabled) attestations? Security in the cloud is shared responsibility and there are separate security and privacy responsibilities for each organization. Make sure that your cloud service providers have the appropriate security and privacy programs in place that you can count on with respective Business Associate Agreement in place.

    Cloud Service Provider Understanding

    Many of the Covered Entities and/or Business Associates are utilizing cloud offerings providers. Are you working with a firm that understands cloud and cybersecurity? Have they worked with the leading hyperscale providers – do they understand the IaaS/PaaS nuances, HIPAA enabled services (attestations), and know how to piece together a security roadmap (inclusive of cloud offerings)?

    Continuous Assurance

    Meeting security and privacy requirements for HIPAA are important for both compliance and your brand. Cyber incidents and data breaches in the healthcare space are at an all-time high. What is your organization doing to manage risk? Make sure that you have the right security partner to guide continuous assurance activities for the right organizational visibility.

    Why is HIPAA important?

    One of the main goals of HIPAA was to create a more streamlined and efficient healthcare system. To improve the efficiency and effectiveness of the health care system, HIPAA and respective addendums were put in place as national standards/law for electronic health care transactions and code sets, unique health identifiers, and security. HIPAA provisions are Federal law that mandated the adoption of Federal privacy protections for individually identifiable health information. Compliance is required for the HIPAA Security Rule, Privacy Rule and Breach Notification Rules for organizations supporting (creating, storing or transmitting) sensitive healthcare care data.

    Why should my organization care?

    There are two main groups responsible for HIPAA compliance: Covered Entities (CE) and Business Associates (BA). Most Covered Entities have direct contact with patients. Business Associates do not typically see patients but maintain, or access to Protected Health Information (PHI).

    Covered Entity (CE)

    • Health Plans | Clearinghouses | Provider


    Business Associate (BA)

    • Cloud Service Provider | Traditional IT Services | Billing or coding company | Medical Device | Law office or accounting firm

    Recent Insights