HIPAA Safeguard Version 2.0 by Cornichon Healthcare Select, LLC is designed for self-assessment to help covered entities and business associates affordably achieve and demonstrate compliance with HIPAA, HITECH Act, and Meaningful Use requirements for safeguarding healthcare information. Version 2.0 includes a NIST-based risk analysis template, safeguard policies and procedures written in plain language that covered entities and business associates can tailor to their business operations using risk analysis findings, required forms, and a concordance linking Meaningful Use security requirements with HIPAA security standards.
Cornichon Healthcare has launched Version 2.0 of HIPAA Safeguard that links Cornichon’s risk analysis template—based on protocols established by the National Institute of Standards and Technology (NIST)—with Cornichon’s written, 92 HIPAA required policies and procedures for safeguarding protected health information (PHI) and 22 forms for documenting safeguard actions, activities, and assessments. Covered entities and business associates are required by federal law to secure PHI, and, with HIPAA Safeguard, they can now streamline the first step in the compliance process—the required risk analysis—and use the findings to tailor Cornichon’s written safeguard policies and procedures to their business operational environments to achieve and demonstrate compliance. For covered entities also participating in the federal financial incentive program for Meaningful Use and Adoption of Certified Electronic Health Record (EHR) technology, HIPAA Safeguard also includes a concordance that links Stage 1 and Stage 2 Meaningful Use Security Criteria to appropriate HIPAA Security Rule Implementation Specifications for substantiation of attestation with the Meaningful Use Security Measure.
According to Ed Jones, Cornichon Healthcare founder and owner, “we created Version 2.0 in plain language and with lots of “what to do” understandable NIST guidance because we found that covered entities and business associates focusing on their core businesses did not understand how to interpret and implement arcane language of federal HIPAA and HITECH Act regulations.”
HIPAA Safeguard Version 2.0 is current, updatable, step-by-step, and—starting with the risk analysis—designed for self-assessment. HIPAA Safeguard is affordable for initial purchase ($449) and optional renewals ($99 annually), immediately downloadable after purchase, and password protected for anytime online access, including on any mobile device. As part of the purchase process, HIPAA Safeguard automatically embeds the designated name of a covered entity or business associate purchaser in each safeguard policy and procedure to start the purchaser on the path to compliance and have evidence of moving on that path in the event of a compliance audit or complaint or breach investigation. Prospective
purchasers can register at http://www.HIPAASafeguard.net to download sample HIPAA Safeguard documents that include the embedded designated name of the registrant.
In December 2014, Cornichon Healthcare began the process of exploring accreditation of HIPAA Safeguard with the Electronic Healthcare Network Accreditation Commission (EHNAC), which is underway. EHNAC, is an independent, federally recognized, standards development organization and taxexempt, 501(c)(6) non-profit accrediting body designed to improve transactional quality, operational efficiency, and data security in healthcare. Cornichon’s objective in pursuing accreditation by a trusted recognized outside entity is twofold:
- Establish by midyear 2015 that Cornichon’s written plain language compliance tools—risk analysis template, safeguard policies and procedures, forms, and Meaningful Use Security/HIPAA Security concordance—are consistent with and meet or exceed all required HIPAA and HITECH Act safeguard standards, implementation specifications, and requirements.
- Once established, encourage State authorities and cyber security insurers to recognize certified documentation from HIPAA Safeguard as the accredited source for “deemed compliance status” as a means of achieving cost-effective safeguard compliance enforcement, improving underwriting of cyber security risks of covered entities and business associates, and reducing the incidence and business and social costs of privacy and security breaches in healthcare.
Additional information is available at http://www.HIPAASafeguard.net and from contacting Craig Maynard, Vice President of Cornichon Healthcare, at 843-813-6567 or at craig.maynard(at)HIPAASafeguard(dot)net.
