Healthcare Compliance

HIPAA / HITECH

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the additional provisions within the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 consists of a series of regulatory standards pertaining the safeguarding of protected health information (PHI). Organizations that must be HIPAA compliant are classified by the regulation as either Covered Entities or Business Associates. The requirements of HIPAA are organized into three rules: Privacy Rule, Security Rule, and Breach Notification Rule.

An independent assessment can give your customers, regulators, and stakeholders confidence in your organization’s compliance with one or all three of the HIPAA rules.

DEA EPCS

The Drug Enforcement Administration (DEA) regulates the electronic prescription of controlled substances and on 2010 issued its final rule within Title 21 of the Code of Federal Regulations Part 1311. This rule requires that electronic prescription and pharmacy management applications must demonstrate compliance with the technical standards set forth in 21 CFR Part 1311 via a third-party audit at each of the following:

  1. Before the application may be used to create, sign, transmit, or process controlled substance prescriptions
  2. Whenever functionality related to controlled substance prescription requirements is altered or every two years, whichever occurs first

AssurancePoint offers a comprehensive third-party audit and reporting program. We aim to educate and assist our clients in navigating the complexities of the DEA regulation and provide a quality report on compliance. We are a registered CPA firm and our EPCS compliance reports are signed by a designated Certified Information Systems Auditor meeting both the competency requirements set forth by federal regulations.