(866) 745-7544    |    request a demo    |    login

News & Announcements

Here's the latest news and announcements from BenefitWerks.
HIPAA Advances Security Initiative

If your security organization is in the healthcare space, you inevitably are wrestling with the Healthcare Information Portability and Accountability Act (HIPAA). HIPAA compliance is one of the biggest challenges healthcare IT organizations face -- but it also could be an opportunity to advance your security agenda.

For security professionals to leverage compliance investment and activities for broader benefit, they must understand what’s driving current compliance investment.

First, it bears saying that the standards outlined in the HIPAA Security Rule are designed to address broad swaths of industry—from small clinics and physician offices to the largest institutional care providers and insurance companies. Because of this, the high-level security control objectives outlined in the Security Rule (standards) as well as the supporting controls are extremely broad and lacking in technical specificity.

How can security organizations make use of compliance activities? They can start with risk management, which historically has been a challenge for security organizations, both in and out of healthcare. But the HIPAA Security Rule is tied tightly to risk management activities, a coupling security organizations can leverage to make progress they probably couldn’t make otherwise.

IT organizations in healthcare can sometimes feel like they are at odds with compliance teams. This is because the standards and implementation specifications outlined in the HIPAA Security Rule have a technical impact, but are usually tracked and managed by non-technical compliance teams.

The bottom line is that the compliance team’s interpretation of implementation specifications must be in sync with the technical security team’s. One way to do this is to reach out to the compliance organization and walk through its existing compliance strategy with its people.

Compare your interpretation with the compliance team’s by going through (in detail, and drawing on your technical understanding) how members of that team feel you do or don’t meet the requirement. Then discuss with them candidly where exceptions and complexities might lie. If you identify gaps in understanding on either side, discuss each gap and what to do about it until you reach agreement. It’s likely to be the case that interpretations will differ.

You can leverage some of the recent changes in HIPAA Security Rule enforcement to help you meet pernicious, difficult-to-implement controls in certain circumstances when they intersect with vendors and business associates. For example, under HITECH, compliance and enforcement of the Security Rule now extend to business associates—those entities that are not part of your company but might support you when it comes to handling and processing PHI.

[Excerpted from "Security Via HIPAA Compliance," a new report posted this week on Dark Reading's Compliance Tech Center.]

About BenefitWerks

At BenefitWerks, we believe in working smarter not harder. It may sound trite, but when we say smart, we're talking quick, easy-to-use, cost-effective online software solutions that turn complicated HR employee benefits problems into child's play.

Our toolbox of administrative HR tools has delivered immediate return on investment time and time again. Learn more about BenefitWerks and our trend-setting benefits enrollment software and administrative solutions.

Time is Money

Contact us for a FREE demo and learn how BenefitWerks can increase user satisfaction and save time and money. After all, time is money.

Contact Information


Email: info@benefitwerks.com

P.O. Box 2572
Orange Park, Florida 32067