When we became aware of the AHCCCS 3rd party HIPAA Security Rule audit requirement, we knew immediately that we should contact Clearwater.
The Clearwater team had previously assisted a large number of Tenet-owned providers with privacy, security, compliance and information risk management matters. Even though the specific AHCCCS requirements only included an audit of HIPAA Security Rule compliance, knowing the rigor of their work, we chose to have Clearwater audit our HIPAA Privacy and HITECH Breach Notification compliance at the same time. We gained exceptional peace of mind as the result of their work.
As an Arizona Health Care Cost Containment System (AHCCCS) contractor, PHP is required to engage an independent 3rd party firm to perform a HIPAA Security Rule compliance audit on an annual basis. To meet this requirement PHP needed to identify immediate remediation for any compliance issues and determine if reasonable and appropriate policies and procedures have been implemented to safeguard sensitive health information.
- To identify immediate remediation for any compliance issues to meet the Arizona Health Care Cost Containment System (AHCCCS) requirements and to comply with the HIPAA Security Rule.
- To determine if reasonable and appropriate policies and procedures are implemented to safeguard sensitive health information in accordance with HIPAA-HITECH and the Omnibus Final Rules
- Assessed organization’s compliance with HIPAA Security, Privacy & Breach Notification Rule as well as compliance to the AHCCCS Standards.
- Completed HIPAA Security, Privacy & Breach Notification Assessment.
- Updated program to meet the Omnibus Final Rules.
- Successfully completed HIPAA Security Re-Assessment and AHCCCS Security Rule Compliance Checklist on time and within budget.
- PHP met the requirements of AHCCCS Security Rule Compliance Policy #108 and HIPAA Security Evaluation (45 CFR § 164.308(a)(8));
- Completed a rigorous compliance assessment vis-à-vis HIPAA Security Rule,Established a baseline score and populated Clearwater’s IRM|Security™ software tool with current compliance status that will enable ongoing compliance management;
- Clearwater provided independent, objective 3rd party input and recommendations; and,
- Additionally, although not required by AHCCCS, by conducting the Privacy & Breach Notification assessments, PHP strengthened its overall HIPAA-HITECH compliance program.