HIPAA Consulting and Implementation.

Scope and Boundary.


An Organization providing Health Care Services will fall under one of the Categories such as Covered Entity, Clearing House or Business Associate. Depending on its HIPAA Status, the HIPAA process definition and implementation may vary.

Our HIPAA Implementation Consulting team will help you determine the Status of the Customer Organization, namely Business Associate or Covered Entity.

HIPAA compliance for an organization revolves around protecting the privacy and security of Protected Health Information (PHI) that the organization has or will have access to.

There are two distinct and separate regulations under HIPAA:

HIPAA Privacy: safeguards for keeping protected health information safe from a people, administrative, and contractual standpoint.

HIPAA Security: safeguards for keeping protected health information specifically in electronic form (computers, networks, email, software, electronic transmissions, etc.) safe from disasters, hackers, and electronic theft.

The Organization needs to implement both the HIPAA Privacy regulations and the HIPAA Security regulations to achieve HIPAA Compliance.

Responsibilities for HIPAA Consulting.


  • HIPAA Consultant, Director of SS Consulting, will be responsible for supporting HIPAA Consulting activities and Implementation for the Organization.
  • The Customer Organization will nominate a Compliance Officer/Single Point of Contact to coordinate all HIPAA Implementation activities.
  • Understand the various functions and Roles as per the Organization's Org Chart.
  • Form a Steering Committee to take decisions regarding HIPAA rules definition and implementation.
  • Conduct an initial Gap Analysis with respect to HIPAA Privacy and Security Controls.
  • All the existing Policies and controls of the ISMS (ISO 27001) need to be revalidated as per HIPAA recommendations. This is because the Information Security Management System, or ISO 27001, covers most of the Security Safeguards required for HIPAA implementation.
  • Assist in Privacy Risk Assessment and documentation.
  • Revise the Organization Manuals to include HIPAA Compliance and Regulation, since additional Roles and Responsibilities may have to be included in the RACI Matrix.
  • Develop all the procedures, templates and logs as per HIPAA standard guidelines, taking into account the current regulatory practices.
  • Conduct Awareness Training for all the Stakeholders, which is one of the most crucial requirements of HIPAA Compliance.
  • Prepare the Organization's internal Auditors to verify the controls and conduct Audits.
  • SS Consulting will facilitate the Management review meeting along with the Compliance Officer to verify compliance and adequacy of HIPAA Regulations to ensure proper safeguarding of protected health information.
  • Coordinate with the certification Agency for the initial and final HIPAA assessment.

Responsibilities of the Customer Organization.


  • The Customer Organization will ensure that all the necessary information and documentation is made available for HIPAA implementation, based on the Non-disclosure agreement between SS Consulting and the Organization.
  • They will provide the necessary resources for SS Consulting's HIPAA Consulting team to carry out the implementation activities, such as desktop, Internet facility, etc.
  • The steering committee will be available for approval and escalation.