Company | Support | Contact Us
Privacy | Transactions and Code Sets | Security | Identifiers
HIPAA Navigator | HIPAA SLP | Manuals | Guides
Approach | Assessment | Implementation | Training | Evaluation | Maintenance
For Providers | For Health Plans | FAQ | Free Downloads
For Providers | For Health Plans | For Attorneys | For Security Professionals
subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link | subglobal7 link
subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link | subglobal8 link

Alphabetical listing of HIPAAssociates Services


Business Associates

Business Associates are an important part of HIPAA, and the covered entity must go through the steps to identify who they are, and then sign a Business Associate agreement with them. Business Associates have certain responsibilities under HIPAA. HIPAAssociates helps identify these entities, and provides a model Business Associate agreement.

CDROM with Standards, Forms, Procedures, HA Software Assessment, Planning, Documentation and Auditing tools

All of the HIPAAssociates materials, including manuals, are included on a CDROM in convenient electronic format (MS Word and PDF). This allows the client to edit the various forms and even the manuals as needed. The CDROM also includes the entire HIPAA regulation, not only in the (hard to read) PDF format released by the government, but also in HMTL format which is much easier to read and navigate. In addition to the manuals, this becomes an indispensable tool for the Privacy, Transactions and Security Officer. This format is also available on the HIPAAssociates website.


HIPAAssociates will provide a certification service to make sure that the organization is compliant with HIPAA Security requirements.

* This service may involve the purchase and/or configuration of network and security systems.

Coding Support

HIPAA requirements forbid the use of local codes after the Transactions Deadline. In order to help the client ‘flush’ local codes out of the system, HIPAAssociates provides information and support to the client in order to meet this requirement.

Data Backup, Disaster Recovery, Emergency Mode Operation, Facility Security, Contingency Plans

Multiple plans to ensure the continued operation of the office in case of emergency, system failure, power outages and other disasters are required for each Provider. HIPAAssociates develops these plans on-site for each client, including instructions on how to test these plans (also a requirement).

Documentation Systems

Developing documentation systems is also an important part of HIPAA compliance. Covered entities must document certain actions, and be able to produce reports upon patient requests, in cases of audit, and other situations. Put another way, if the covered entity does not develop documentation systems, they can expect to spend a significant amount of time gathering the information and worrying about whether the information is complete. HIPAAssociates helps establish documentation systems and also offers software to help satisfy these requirements.

Electronic Signatures*

If the client uses electronic signatures for applications such as secure email to transmit Protected Health Information, HIPAAssociates can help identify the requirements and suggest vendors to provide this functionality.

* This service may involve the purchase and/or configuration of network and security systems.

Hardware and Software Inventory

Satisfying a HIPAA requirement, HIPAAssociates helps the client develop a comprehensive inventory of hardware and software, provides tools to keep track of new purchases and maintenance, and provides support for inventory tracking systems.

HIPAA 101 Training

HIPAAssociates gives this training as an introduction to office managers and staffs to give a general overview of HIPAA, status of each standard, explanation of terms, etc. At the end, we have a question and answer session. The session runs for 2.5 hours.

HIPAA Reference Manual

The HIPAAssociates manual is a loose-leaf, updateable reference manual covering all 4 HIPAA standards: Privacy, Transactions, Security and Identifiers.

The manual is structured similarly to our consulting programs, giving an overview of each standard, laying out a template for doing the assessment, providing model policies, procedures and forms, and providing cross references to our software tools and information resources. It's available in hard copy and electronic form, with hyperlinks to relevant sections of the manual, the HIPAA regulation, and software tools, to help our clients navigate the requirements and update the manual.

The manual includes the latest Privacy changes introduced in August 2002, the final Transactions standard, and the final Security and Identifiers standards.

Identifiers Support

There are several new identifiers required by HIPAA, some still in the proposal stage. When finalized, Providers and other covered entities will need to incorporate them into standard transactions. HIPAAssociates helps the client apply for and receive the identifiers, and works with their vendors to make sure they are incorporated by the Transactions deadline.

Media Controls

HIPAA requires that adequate and reasonable controls be implemented for various types of media used to store Protected Health Information. HIPAAssociates provides procedures and suggests solutions to put these controls in place.

Network and System Configuration*

In order to meet requirements such as entity authentication, user/role access, and others, changes in network and system configuration may be needed. HIPAAssociates provides a list of recommendations and offers to bring in outside vendors or perform the work ourselves, depending on the scope of the work required.

* This service may involve the purchase and/or configuration of network and security systems.

Office Walkthrough

HIPAAssociates starts its programs with a walkthrough of the office, looking for specific Privacy and Security items and generating an initial compliance report, which is given to the Provider free of charge. The walkthrough gives the office manager a chance to see what kind of things we look for in our assessment, and gives them an idea of what is involved with HIPAA compliance. During this time, we answer any questions that the office manager or staff may have.

Physical Access Controls*

In addition to electronic system safeguards, HIPAA requires physical safeguards be in place to protect patient information. HIPAAssociates provides procedures and suggests solutions to put these controls in place.

* This service may involve the purchase and/or configuration of network and security systems.

PHI Uses and Users Survey

HIPAAssociates developed this tool to help the HIPAA team at each client understand how to look at the different information types defined by HIPAA, such as the Designated Record Set, Protected Health Information, etc. The information is then matched against roles and job descriptions in the organization to help determine access authorizations, or the general ‘need-to-know’ rule which governs much of HIPAA Privacy and Security.

Privacy Officer Training

HIPAAssociates gives individual training sessions to Privacy Officers, during which we go over their new responsibilities and practical aspects of implementing HIPAA. The session is given at each practice and runs about 1 hour.

Privacy, Transactions and Security Gap Assessment & Report

HIPAAssociates does a thorough gap assessment with the aid of its HIPAA Assess software tool, and generates a detailed report which identifies gaps and potential gaps. Each report item is tied to the relevant regulation, and explains the requirement as well as the action needed for remediation.

Privacy, Transactions and Security Remediation Plan

Generation of the Remediation plan comes after the Gap Assessment and Report. Each gap and potential gap has one or more individual action items associated with it. The action items are assigned to the Privacy, Transactions and Security Officers in the organization, who then work with HIPAAssociates to complete the required tasks. The Plan itself is in Microsoft Project format, which allows for efficient management of the tasks and resources, and enables the HIPAA team in each client to manage their time commitments and still accomplish the work required by the deadlines.

Privacy, Transactions and Security Remediation Action Item Report

In order to accomplish the tasks, each person responsible for individual tasks needs guidance on how to get started, where to find relevant information, etc. This report details the steps needed to get started on each task, identifies the relevant section(s) of the HIPAA reference manual. Of course, HIPAAssociates representatives are also there to answer questions and offer assistance.

Privacy, Transactions and Security Job Description

Developing a job description for each HIPAA role is a requirement; after all, these individuals will gain new responsibilities. The job description delineates these new responsibilities, and helps the employer determine appropriate compensation levels.

Privacy, Transactions and Security Manual

In addition to the reference manual, HIPAAssociates provides individual Privacy, Transactions and Security manuals which become resources for the Privacy, Transactions and Security Officers; in addition, the Privacy manual can be given to new employees to train them on HIPAA.

Privacy, Transactions and Security Policies, Forms and Procedures

Each part of HIPAA involves new policies, forms and procedures. HIPAAssociates has developed model policies, forms and procedures to address each HIPAA requirement, and help deal with everyday situations when the new regulations come into effect. In most cases, the Privacy, Transactions and Security Officers must only review the policies, forms and procedures to see if they meet the needs of their practice.

Screen Office Software for HIPAA Readiness

Is your office software HIPAA ready? HIPAAssociates compares the features against the requirements, and tells you whether you need to upgrade or perhaps switch vendors.

Security Awareness Training

HIPAAssociates also gives a training session on Security Awareness, which is a requirement for all staff. The training includes typical everyday security issues that end users should be aware of – after all, the end user is the biggest security risk. The session runs for 30 minutes.

Security Configuration

Security configuration lists requirements such as documentation, virus checking, security testing etc. HIPAAssociates helps develop a security configuration that meets HIPAA requirements.

Security Risk, Applications and Data Criticality Analysis

Various types of analyses are required by the Security Standard to identify mission critical data and applications, and security risks. HIPAAssociates develops these analyses for Providers and provides a list of recommendations.

Security Training

Security Training is 2-day course designed for the Security Officer, covering topics such as systems, network, and security. This training is critical for an individual new to the role, and is designed for a non-technical audience.


4-week HIPAA team visit – after delivering the materials to the client, we make the first follow-up visit with the HIPAA team to make sure that the practice is on track with the HIPAA implementation plan, answer questions, and provide support.
4-month HIPAA plan visit – our second visit involves sitting down with the HIPAA team and offering support as needed. Again, this visit is to make sure that the client is on track with thei HIPAA implementation plan.

30-day/20 hr Telephone support – a knowledgeable support person to answer HIPAA questions for our clients.

120-day Email support – a knowledgeable support person to answer HIPAA questions for our clients.

Trading Partner agreements

Trading Partner agreements are required by HIPAA to be signed by parties engaging in electronic standard transactions. HIPAAssociates provides a model TP agreement for the client to use, and also provides it to the transactions vendor on behalf of the client during Vendor Communication.

Vendor Communication

Vendor communication is critical in achieving HIPAA compliance. Transaction and Security vendors have certain responsibilities with respect to HIPAA, and Providers must make sure that their vendors are taking the right steps toward compliance – this goes beyond signing agreements. HIPAAssociates has found that many vendors do not have a full understanding of HIPAA requirements themselves, and need help to determine what needs to be done. At the same time, the client needs to know what the status of their vendors is. HIPAAssociates starts by sending the vendor a detailed list of HIPAA requirements which come out of the Assessment process, follows up with them to make sure they respond to the Provider, and then facilitates the connection between the vendor and the Provider. In addition, HIPAAssociates is engaging vendors separately, screens their products to bring them within our Preferred Vendor program and offer them to our clients at discount rates.

Privacy Policy | Legal Notice | ©2001-2008 HIPAAssociates, Inc.