RedLegg's HIPAA Risk Assessment Program is structured into five key phases:
In this phase, RedLegg examines relevant documentation and policies to determine the maturity level of the HIPAA framework already in place within the organization. The assessment team will review the organization's procedures, security measures, and protocols related to HIPAA compliance. This examination helps establish a baseline understanding of the organization's current state of compliance and identifies any existing gaps or areas that require improvement.
During this phase, RedLegg conducts interviews with key stakeholders within the organization. These stakeholders may include executives, department heads, IT personnel, and other staff members involved in handling protected health information (PHI). The purpose of these interviews is to gain insights into the organization's practices, identify potential challenges related to HIPAA compliance, and gather additional information that may not be evident from the documentation alone.
After completing the examination and interviews, RedLegg moves to the clarification phase. Here, they seek to resolve any ambiguities or discrepancies found in the documentation or interview responses. This phase involves seeking additional information, asking follow-up questions, and validating details to ensure a comprehensive and accurate understanding of the organization's HIPAA compliance status.
In the final phase, RedLegg compiles the assessment findings into a detailed report. This report typically includes an executive summary, assessment findings, remediation recommendations, and a roadmap for enhancing the organization's HIPAA compliance beyond the current framework. The report may also highlight areas where the organization is performing well and provide actionable steps to address any identified non-compliance issues.
Following the completion of the report, RedLegg conducts a debriefing meeting with the organization's stakeholders. During this meeting, they present the assessment findings, discuss the recommendations, and collaborate with the organization to determine the necessary changes or improvements to be made. The debriefing phase aims to ensure that the organization fully understands the assessment results and can take appropriate actions to enhance their HIPAA compliance and data security practices.
In this phase, RedLegg examines relevant documentation and policies to determine the maturity level of the HIPAA framework already in place within the organization. The assessment team will review the organization's procedures, security measures, and protocols related to HIPAA compliance. This examination helps establish a baseline understanding of the organization's current state of compliance and identifies any existing gaps or areas that require improvement.
During this phase, RedLegg conducts interviews with key stakeholders within the organization. These stakeholders may include executives, department heads, IT personnel, and other staff members involved in handling protected health information (PHI). The purpose of these interviews is to gain insights into the organization's practices, identify potential challenges related to HIPAA compliance, and gather additional information that may not be evident from the documentation alone.
After completing the examination and interviews, RedLegg moves to the clarification phase. Here, they seek to resolve any ambiguities or discrepancies found in the documentation or interview responses. This phase involves seeking additional information, asking follow-up questions, and validating details to ensure a comprehensive and accurate understanding of the organization's HIPAA compliance status.
In the final phase, RedLegg compiles the assessment findings into a detailed report. This report typically includes an executive summary, assessment findings, remediation recommendations, and a roadmap for enhancing the organization's HIPAA compliance beyond the current framework. The report may also highlight areas where the organization is performing well and provide actionable steps to address any identified non-compliance issues.
Following the completion of the report, RedLegg conducts a debriefing meeting with the organization's stakeholders. During this meeting, they present the assessment findings, discuss the recommendations, and collaborate with the organization to determine the necessary changes or improvements to be made. The debriefing phase aims to ensure that the organization fully understands the assessment results and can take appropriate actions to enhance their HIPAA compliance and data security practices.
Over 10 years of advisory experience and up-to-date knowledge of the information security landscape
Diverse consulting and management experience in a variety of corporate environments, including Fortune 100 enterprises
Successful planning and solutions rapid deployment experience on a national and international scale
Experience with technical architecture, system, and application platform standardization
Experience with addressing cultural, technical, and compliance challenges as a result of national and international mergers and acquisitions
Audit and compliance expertise as an assessor, trusted security advisor, and compliance manager
Experience with managing large organizations and project-based teams of full-time employees and consultants
