HIPAA Compliance


The Health Insurance Portability and Accountability Act (HIPAA) sets standards for safeguarding sensitive, personally identifiable patient data. HIPAA comprises rules governing the lawful use and disclosure of Protected Health Information (PHI). Enforcement of HIPAA compliance falls under the jurisdiction of the Office for Civil Rights (OCR), a division of the Department of Health and Human Services (HHS). The Office for Civil Rights oversees HIPAA compliance to promote health insurance portability, aiming to eliminate job lock resulting from preexisting medical conditions and to curb healthcare fraud and abuse. By enforcing these standards, the Office for Civil Rights works to ensure the security and privacy of personal health information.

Our Approach

Policies and Procedures

At Selkey Cyber Security, our dedicated in-house team specializes in crafting comprehensive documentation of Policies and Procedures tailored to our clients' needs, based on an in-depth understanding of each organization's existing policies and procedures. Our documentation adheres strictly to HIPAA guidelines, ensuring compliance and robust protection of sensitive healthcare data.

A. Information Security Policy

B. Cyber Crisis Resiliency Program

C. Data Protection Policy

D. Privacy Statement

E. Incident Management Procedure

Privacy Impact Assessment

At Selkey Cyber Security, we support organizations in assessing the effectiveness of their privacy controls and identifying any existing gaps in privacy controls and procedures. Based on this evaluation, we initiate the Privacy Control Implementation process to address identified deficiencies and enhance privacy measures. As part of this process, we conduct a Data Protection Impact Assessment (DPIA) to evaluate the potential impact of data processing activities on individuals' privacy rights and freedoms.

By conducting thorough assessments and implementing appropriate privacy controls, we help organizations strengthen their privacy posture and achieve compliance with regulatory requirements.

Risk Register

During this phase, Selkey Cyber Security defines the inherent risks within the client's existing system in alignment with HIPAA requirements. We collaborate closely with our clients to identify these risks comprehensively. Subsequently, we provide expert guidance and support to implement the requisite controls and policies to mitigate the identified risks effectively.

Our approach ensures that our clients achieve compliance with HIPAA regulations while bolstering their overall cybersecurity posture.

Centralized Process

During this phase, Selkey Cyber Security undertakes the design and construction of centralized procedures for our clients, facilitating their implementation within their organizations. We provide comprehensive assistance to ensure compliance with HIPAA regulations.

A. Data Subject Request: Establishing procedures to handle requests from data subjects regarding their personal health information, ensuring timely and appropriate responses in accordance with HIPAA requirements.

B. Data Subject Consent: Developing protocols for obtaining and documenting consent from data subjects for the collection, use, and disclosure of their protected health information, as mandated by HIPAA regulations.

C. Inventory for Breach Occurrences: Creating an inventory of procedures and protocols to be followed in the event of a data breach, including notification requirements, incident response measures, and breach documentation procedures, in compliance with HIPAA breach notification rules.

Yearly Audit Framework

During this phase, Selkey Cyber Security outlines the plan for the Yearly Audit in collaboration with the organization and subsequently conducts the audit alongside the client. Once all rules and processes have been implemented, organizations are required to undergo annual auditing to ensure ongoing compliance with regulatory requirements.

Selkey Cyber Security provides comprehensive assistance to our clients throughout the auditing process, offering expertise and support to help them demonstrate adherence to relevant standards and regulations.


Covered Entities

Entities that collect, generate, or transmit electronic Protected Health Information (PHI) primarily encompass healthcare organizations, including healthcare insurance carriers and healthcare service providers. These entities play a crucial role in managing PHI and are responsible for ensuring its confidentiality, integrity, and availability in accordance with applicable regulations such as HIPAA.

Business Associates

Entities that come into contact with Protected Health Information (PHI) while working on behalf of a covered entity on a contractual basis encompass a variety of organizations, including billing companies, third-party consultants, IT service providers, cloud storage providers, and others. These organizations handle PHI in different capacities and are obligated to adhere to regulations such as HIPAA to ensure the protection and privacy of sensitive health information.

Partner Certification Bodies

Selkey Cyber Security’s Partners to Achieve the Certification:
