Meet the challenge of HIPAA Compliance

Services & Support for Legal Counsel

Your healthcare clients are often unaware of their obligations and can face penalties if they become the target of an OCR audit. VantagePoint support can make the difference.

VantagePoint has organized distinct services to make it easy for your healthcare clients to get the focused help they need, choosing among a broad range of HIPAA-related concerns. Also, remember that depending on the services your firm is offering the client, you may qualify as a Business Associate. You can indicate your particular area(s) of interest on the contact form linked to the “Request a Proposal Now” button above, and we will respond via email or phone to learn more about your needs and provide more details about our services and fees.




  • Risk Analysis. Whether your client is a healthcare Covered Entity or a Business Associate, the HIPAA Security Final Rule requires that a risk analysis be conducted. Following HHS/OCR guidelines and incorporating the NIST framework, our risk analysis service inventories the systems that create, receive, store and transmit PHI, identifies the threats and vulnerabilities, and rates the impact to the organization. A cybersecurity review details technical matters that may warrant attention. With an understanding of the risk profile, your client is positioned to make informed decisions and prioritize security investments in an effort to reduce risk.
  • Implementation and Monitoring Guidance. Once the organization's HIPAA Compliance Program is documented, we will help implement some of the workflow changes necessary to be compliant. Your client may also benefit from steps and checklists that will help you monitor the success of the program.
  • Security Assessment. Conducting a periodic security evaluation is a key requirement of the HIPAA Security Final Rule. Our Security Assessment addresses the 22 standards and 50 implementation specifications included in the Security Rule and the 77 included in the HHS Audit protocols. The assessment examines the organization’s level of compliance with administrative, physical, and technical safeguards, business associate agreements, and breach notification. We review existing policies and procedures, establish a compliance benchmark, create a remediation plan, and help you to show improvements in the compliance score.
  • Self-Assessment Audit Tools. The tools we provide will save your client time by leading them through a series of questions that result in an internal document proving compliance (or outlining gaps) with the rules.
  • Privacy Officer, Security Officer and General Staff Training. The Privacy Officer and Security Officer two-day on-site training is comprehensive and positions individuals to be able to handle the oversight of HIPAA programs in their organizations. General staff training, done annually, provides administrative and clinical staff with only the information necessary for them to understand their role in compliance.
  • Business Associate Compliance Audits. Ensuring that your client's Business Associates are keeping your patients’ PHI secure and that they are in compliance with the rules requires your oversight and auditing. We can assist in conducting these audits on your behalf, either announced or unannounced.

About HIPAA, the Health Insurance Portability and Accountability Act

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a set of statutes designed to improve the efficiency and effectiveness of the US health care system.


Provisions include rules protecting the privacy and security of personal health information. These rules are enforced by the US Department of Health and Human Services Office for Civil Rights (OCR):

  • The Privacy Rule protects the privacy of individually identifiable personal health information.
  • The Security Rule sets national security standards for protecting electronic data that contain protected health information (PHI).
  • The Enforcement Rule in Title II sets civil money penalties for violating HIPAA rules and establishes procedures for investigations and hearings for HIPAA violations.


Protection and Confidential Handling of Health Information

The HIPAA Privacy regulations require that health care providers and organizations, as well as their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.


Violations of HIPAA

According to the US Department of Health and Human Services Office for Civil Rights, between April 2003 and January 2013 it received 91,000 complaints of HIPAA violations, of which 22,000 led to enforcement actions of varying kinds (from settlements to fines) and 521 led to referrals to the US Department of Justice (criminal actions).

©2018 VantagePoint HealthCare Advisors