Meet the challenge of HIPAA Compliance

Services & Support for Nonprofits

Groups that provide services to the public involving any form of health-related interaction with individuals benefit from the guidance we offer.

VantagePoint has organized distinct services to make it easy for nonprofit organizations to get the focused help they need, choosing among a broad range of HIPAA-related concerns. You can indicate your particular area(s) of interest on the contact form linked to the “Request a Proposal Now” button above, and we will respond via email or phone to learn more about your needs and provide more details about our services and fees.




  • Risk Analysis. The HIPAA Security Final Rule requires that you conduct a risk analysis of your organization, which is also a requirement for attesting to Meaningful Use. Following HHS/OCR guidelines and incorporating the NIST framework, our risk analysis service inventories your systems that create, receive, store and transmit PHI, identifies the threats and vulnerabilities, and rates the impact to your organization. A cybersecurity review details technical matters that may warrant your attention. With an understanding of your risk profile, you are positioned to make informed decisions and prioritize security investments in an effort to reduce your risk.
  • Implementation and Monitoring Guidance. Once your HIPAA Compliance Program is documented, we will help you implement some of the workflow changes necessary to be compliant. You may also benefit from steps and checklists that will help you monitor the success of your program.
  • Security Assessment. Conducting a periodic security evaluation is a key requirement of the HIPAA Security Final Rule. Our Security Assessment addresses the 22 standards and 50 implementation specifications included in the Security Rule and the 77 included in the HHS Audit protocols. The assessment examines your organization’s level of compliance with administrative, physical, and technical safeguards, business associate agreements, and breach notification. We review existing policies and procedures, establish a compliance benchmark, create a remediation plan, and help you to show improvements in your compliance score.
  • Self-Assessment Audit Tools. The tools we provide save organizations time by leading them through a series of questions that result in an internal document proving compliance (or outlining gaps) with the rules.
  • Privacy Officer, Security Officer and General Staff Training. The Privacy Officer and Security Officer two-day on-site training is comprehensive and positions individuals to be able to handle the oversight of HIPAA programs in their organizations. General staff training, done annually, provides administrative and clinical staff with only the information necessary for them to understand their role in compliance.
  • Business Associate Compliance Audits. Ensuring that your Business Associates are keeping your patients’ PHI secure and that they are in compliance with the rules requires your oversight and auditing. We can assist in conducting these audits on your behalf, either announced or unannounced.

About HIPAA, the Health Insurance Portability and Accountability Act

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a set of statutes designed to improve the efficiency and effectiveness of the US health care system.


Provisions include rules protecting the privacy and security of personal health information. These rules are enforced by the US Department of Health and Human Services Office for Civil Rights (OCR):

  • The Privacy Rule protects the privacy of individually identifiable personal health information.
  • The Security Rule sets national security standards for protecting electronic data that contain protected health information (PHI).
  • The Enforcement Rule in Title II sets civil money penalties for violating HIPAA rules and establishes procedures for investigations and hearings for HIPAA violations.


Protection and Confidential Handling of Health Information

The HIPAA Privacy regulations require that health care providers and organizations, as well as their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.


Violations of HIPAA

According to the US Department of Health and Human Services Office for Civil Rights, between April 2003 and January 2013 it received 91,000 complaints of HIPAA violations, of which 22,000 led to enforcement actions of varying kinds (from settlements to fines) and 521 led to referrals to the US Department of Justice (criminal actions).

©2018 VantagePoint HealthCare Advisors