HIPAA risk management exchange launches


Coalfire, an independent information technology governance, risk and compliance firm, has launched HIPAAcentral, a new compliance exchange that provides a comprehensive suite of services for covered entities and business associates and their subcontractors to manage, maintain and exchange healthcare regulatory compliance data.

HIPAAcentral simplifies compliance management by providing vendor risk management tools, training, templates, and third-party validation services, plus an online compliance registry and knowledge exchange.

The service, which is available by subscription to both covered entities (CEs) and business associates (BAs), utilizes standardized criteria for compliance validation and actively monitors vendor compliance via automated notifications, workflow management and expert support.

“The US Department of Health and Human Services is now actively monitoring and enforcing the HIPAA Omnibus Rule, and too many healthcare firms aren’t prepared,” said Rick Dakin, CEO and co-founder of Coalfire. “HIPAAcentral is closing that gap by enabling subscribers to securely exchange and verify compliance status.”

As of September 23, 2013, all covered entities, business associates and their subcontractors were required to be in compliance with the HIPAA Omnibus Rule, and are now facing increased financial and criminal penalties for non-compliance. A survey conducted by Coalfire in September found that a majority of business associates reported being somewhat or completely unaware of their new responsibilities under the Omnibus Rule, and fewer than half of business associates reported being compliant.

The HIPAAcentral platform was developed with input from both the covered entity and business associate communities, and provides a secure, business-to-business network with access to training, templates, white papers, alerts and other resources to track the complex and constantly changing security and compliance landscape.

The platform is based on industry frameworks such as NIST 800-66 and the Office of Civil Rights (OCR) audit protocol to meet the requirements of the HIPAA Security Rule, as well as the IT security-related requirements of the HITECH Act and the Omnibus Rule.

“The HIPAAcentral platform provides a game-changing solution for the healthcare industry, combining expert GRC capabilities, industry resources, education, and a community, business-to-business network,” continued Dakin.

“HIPAAcentral dramatically reduces the risks and barriers to compliance and provides a simplified path to security and compliance with increased efficiencies and decreased costs.”

HIPAAcentral also provides easy access to a full complement of Coalfire and third-party GRC services to meet security and compliance needs, and registered users are eligible to receive a discount for a Coalfire compliance assessment.

