SecureState HIPAA Compliance Seal: The Pros and Cons

SecureState HIPAA Compliance Seal
The new SecureState HIPAA Compliance seal

The new SecureState HIPAA Compliance seal is leading to an interesting conversation taking place on the consulting firm’s site. The company is a global management consulting firm focused on information security.

The pros and cons of such a program are offered and both of the following questions are being asked: Is a HIPAA-compliant seal is worth the effort and would it be relevant?

For business associates of healthcare entities, becoming HIPAA compliant can be a daunting task, and proving compliance to a possible partner can be even harder, which is SecureState developed one.

As such, the SecureState’s Qualified Security Assessors have developed a seal, providing a means for businesses to convey that their programs comply with applicable regulations based on its independent third-party attestation.

According to the company, given the depth and complexity of regulations, and the pending Omnibus changes, they think such a seal has value.

Specifically, though, what are the pros and cons of obtaining a seal, or requiring service providers maintain a current seal?

“SecureState’s HIPAA compliance seal for business associates provides an easy way to prove to potential partners you are HIPAA compliant.” Said Matthew Neely, SecureState Director of Strategic Initiatives.

According to Secure State:

Cons

Pros

Is a compliance seal valuable? Perhaps your thoughts will differ from those of SecureState, the the consultants there think there is no simple answer. “It depends on your industry (e.g., do you fall within a heavily regulated industry, are you receiving protected health information), your compliance posture, risk aversion, and the size and complexity of your environment. But for many entities, being able to display a seal can provide patients with peace of mind and business partners a competitive advantage.

“For example, if you are seeking an explanation of benefits (EOB) print solution, selecting a vendor who is HIPAA compliant is required, and a seal assists in determining their compliance posture. As such, it may make sense to only select from a pool of candidates who have successfully demonstrated compliance – for example those with a third-party attested HIPAA seal.

“Similarly, patients are becoming more privacy savvy, thus they may demand minimum security controls be in place. Do these offset the associated costs? Again it depends, but if you are off-loading work – such as required due diligence or internal controls assessments – you may even save money.

Advice from SecureState about proceeding with a seal audit: It’s prudent to look at your business model. An audit will provide objective feedback on compliance posture – always a good thing – but does that provide the business value to justify a HIPAA seal?

“As technologies continue to evolve, including algorithms to correlate seemingly disparate data stores and business leaders continue to find value in mining big data, validating compliance controls seems in most business setting a prudent step in managing risk. Positioned correctly it can be a competitive advantage for both patients – seeking to have their health information adequately protected – and business partners who need assurances that their data is being properly secured, to protect themselves. So while it may not make good business sense for all entities to pursue a HIPAA seal, there is a preponderance of data that suggest it can be a value tool.

“Many businesses struggle with filling out multiple questionnaires to prove they are HIPAA compliant, or even worse need to go through multiple audits from different vendors,” said Neely. “A HIPAA compliance seal provides a simple solution to this problem. Go through one HIPAA audit and use the seal to prove you are compliant to all your business partners or to insurance vendors.”

So, is a HIPAA compliance seal worth the effort for those in the industry?


Write a Comment

Your email address will not be published. Required fields are marked *