Failure to comply with HIPAA is risky business

Monetary settlements for HIPAA infractions over the last five years average $1.4M, and complaints, which may trigger an investigation, have been steadily rising.

With more employees working from home and escalating cybersecurity threats, your organization needs to have the right policies and procedures in place to safeguard protected health information, deliver regular employee training, and update HIPAA’s required risk/threat analysis.

When was the last time your HIPAA policies were reviewed?

Handle protected health information with care

The Health Insurance Portability and Accountability Act (HIPAA) requires group health plan sponsors to safeguard the privacy and security of participant protected health information (PHI) and electronic protected health information (e-PHI).

Strong governance and ongoing employee training are essential to help you avoid common compliance gaps. Organizational change, new IT service agreements, and more employees working from home can all impact your business operations. In a recent survey, we found:

  • 42% of respondents didn’t know when a HIPAA risk/threat analysis was last conducted
  • 35% of respondents last offered HIPAA training between one and five years ago

Our team can help you evaluate and mitigate business risk, document policies and procedures, and implement workforce training so you can remain compliant and prevent a security breach.

How we can help

HIPAA documentation

We’ll draft HIPAA privacy and security policies and procedures specific to your organization and customized to the group health plans that you sponsor. The process we follow allows for a thorough analysis of your HIPAA compliance and the opportunity to mitigate any identified risks.

Risk/threat analysis

Failure to conduct a risk assessment and failure to have documented risk management policies in place are two of the most frequently cited findings in breach investigations. We’ll prepare, score, and document your comprehensive risk/threat analysis.

Employee training

Our team delivers a comprehensive training program to address HIPAA’s complex compliance requirements. From a basic self-service version to facilitator-led sessions, we customize the format so that the content and delivery meet your organization’s specific needs.

Business associate agreement reviews

Updated and accurate business associate agreements are critical to HIPAA compliance and imperative to protecting your organization. We’ll review these agreements and provide initial comments to your legal counsel to assist with contract negotiations.

Operational review

Operational adherence to your stated policies and procedures is critical to ensuring HIPAA compliance. Using your current HIPAA privacy and security documents as the foundation, we assess your group health plan’s compliance and review a strategic sample of the documents that demonstrate compliance, as outlined in the HHS audit protocol. At the conclusion of our review, we document key findings and recommendations.

Ongoing HIPAA compliance program

HIPAA is not a one-and-done exercise. Our team partners with you to develop a sustainable compliance program that helps you meet your recurring training and risk assessment requirements.


Related reading from our team:

  • “Room for improvement” – HIPAA Audits Industry Report
  • Remote control: HIPAA challenges for a growing workforce
  • Buck survey finds group health plan sponsors struggle to comply with HIPAA regulations, unprepared for an audit or investigation
  • HIPAA: Mind your compliance gaps
  • Impact of COVID-19 on HIPAA compliance and employer considerations