Healthcare Office Managers, You Now Have an Ally.

Compliance Solutions for Healthcare

Guaranteed to never be out of compliance


Evidence of HIPAA Compliance
All the detail to satisfy an auditor or investigator is included in this report.

HIPAA Policies & Procedures
Best practices that our industry experts have formulated to comply with the technical requirements of the HIPAA Security Rule

HIPAA Management Plan
Defines the strategies and tactics that your practice will use to address its risks.


HIPAA Success Intensive

The most comprehensive HIPAA program that delivers results


Los Angeles leader in small medical practice HIPAA compliance management

HIPAA requires that covered entities such as small medical practices train their staffs in patient privacy issues, establish policies and procedures for handling patient information, plan for the fallout from data breaches and implement a bevy of security measures.

The early results from the HHS’ audit of HIPAA compliance revealed that many small medical practices were having trouble bringing their infrastructures, procedures and policies in line with the law. The audit found that smaller medical practices in particular struggled to comply with HIPAA regulations, and that healthcare providers generally had a tougher time following the regulations than did insurers and other entities.

HIPAA Program

Civil penalties for HIPAA violations are reaching into the millions – and those dollars can be better spent improving health outcomes. Violations and fines associated with PHI breach can also damage long-established public trust and may even lead to jail time. That’s why maintaining a secure, compliant health data environment is so important.


Privacy and Security
Full management of your policies & procedures, and system activity

Breach Notification
Full management of your HIPAA/HITECH Breach Notification Rule policies and procedures

Business Agreement
Full management of your Business Associate Agreement / Contract

Los Angeles HIPAA Compliance Assessment Leader

We believe the future of value-based patient care will be powered by HIPAA compliant, scalable, interoperable infrastructure. Our service exists to help all of healthcare transition to that future.

How We Create Value
Checkuptech provides HIPAA-compliant infrastructure for small medical practices. Checkuptech relieves the burden of compliance so small medical practices can focus on bettering patient outcomes. We think compliance should be the last thing doctors think about, and not a barrier to progress.

Sign-up Today!
We relieve the burdens of compliance so you can focus on the important thing: patient care. Schedule your HIPAA Compliance Assessment today.

“Everyone here is very happy”

CheckupTech set up our 10-acre RV park by programming a router, switch, computer and numerous access points (Internet hot spots). He also added Ubiquiti Rockets, giving us web access 800 feet from the modem. Everyone here is very happy to have super-fast internet!

Bob Martyn - Owner | Scissor Tail RV Park

“They were great!”

He recovered all of my data very quickly and for a reasonable price and even hand delivered everything back to me. I cannot recommend them enough!

Cyrene Dellinger - Realtor | Keller Williams Executive Property

“Would highly recommend”

Mark is great! He has so much knowledge and you can trust that he's protecting you. He makes sure that all your systems are working properly. I really enjoyed using his services and would highly recommend him to anyone that needs to have their computer systems protected.

Walkiria Zarei - Agent, State Farm Insurance Agency

“I have someone I can count on”

I called CheckupTech because I was having a problem with my office computer and printer. They called me and scheduled an appointment same day. I really enjoyed knowing I have someone I can count on and be able to come when I do have an immediate need. I will be calling them for my future needs as well.

Rurik M. - Mortgage Planner, CaminoReal Mortgage Bankers

“The price is fair”

I would highly recommend this company to anyone who needs help. The price is fair and it covered all the work he did. He even helped with a Word project afterwards because he's just that nice! Thank you again. I will not hesitate to call again if ever needed!

Robin H. - Granada Hills, CA


Q&A


Unlike the Meaningful Use incentive program, any organization that comes into contact with PHI has no option but to introduce measures to comply with HIPAA – it's the law. The HIPAA Security Rule, the (revised) HIPAA Privacy Rule and the HIPAA Breach Notification Rule are all examples of the regulations healthcare organizations need to adhere to, to protect patient privacy.
The enactment of the Final Omnibus Rule in 2013 doubled the maximum fine for a single violation of HIPAA from $25,000 to $50,000 per compromised patient record. This meant that when the New York-Presbyterian Hospital inadvertently disclosed the unsecure records of 6,800 patients on the Internet, the potential fine for the violation of HIPAA could have been as much as $340 million. Fortunately (for the New York-Presbyterian Hospital) the breach of PHI was settled for $3.3 million.

HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information.
Most health plans and health care providers that are covered by the new Rule must comply with the new requirements by April 14, 2003.

The HIPAA Privacy Rule for the first time creates national standards to protect individuals’ medical records and other personal health information.

  • It gives patients more control over their health information.
  • It sets boundaries on the use and release of health records.
  • It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
  • It holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients’ privacy rights.
  • And it strikes a balance when public responsibility supports disclosure of some forms of data – for example, to protect public health.

For patients – it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.

  • It enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.
  • It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.
  • It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.
  • It empowers individuals to control certain uses and disclosures of their health information.

As required by Congress in HIPAA, the Privacy Rule covers:

  • Health plans
  • Health care clearinghouses
  • Health care providers who conduct certain financial and administrative transactions electronically. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers.

These entities (collectively called “covered entities”) are bound by the privacy standards even if they contract with others (called “business associates”) to perform some of their essential functions. The law does not give the Department of Health and Human Services (HHS) the authority to regulate other types of private businesses or public agencies through this regulation. For example, HHS does not have the authority to regulate employers, life insurance companies, or public agencies that deliver social security or welfare benefits. See our business associate section and the frequently asked questions about business associates for a more detailed discussion of the covered entities’ responsibilities when they engage others to perform essential functions or services for them.

No. A health plan satisfies the HIPAA Privacy Rule’s requirements for providing the notice by distributing its notice only to the named insured of a policy under which coverage is provided both to the named insured and his or her dependents. See 45 CFR 164.520(c)(1)(iii).
Covered health care providers that maintain an office or other physical site where they provide health care directly to individuals are required to post their entire notice at the facility in a clear and prominent location. The Privacy Rule, however, does not prescribe any specific format for the posted notice, just that it include the same information that is distributed directly to the individual. Covered health care providers have discretion to design the posted notice in a manner that works best for their facility, which may be to simply post a copy of the pages of the notice that is provided directly to individuals.
The HIPAA Privacy Rule requires a covered health care provider with direct treatment relationships with individuals to give the notice to every individual no later than the date of first service delivery to the individual and to make a good faith effort to obtain the individual’s written acknowledgment of receipt of the notice. If the provider maintains an office or other physical site where she provides health care directly to individuals, the provider must also post the notice in the facility in a clear and prominent location where individuals are likely to see it, as well as make the notice available to those who ask for a copy. See 45 CFR 164.520(c) for other notice provision requirements.
No. If a plan falls within the definition of small health plan in 45 CFR §160.103, it was required to be compliant with the HIPAA Transactions and Code Sets Standards Rule on October 16, 2003. Small health plans must also be in compliance with the HIPAA Employer Identifier Rule as of August 1, 2005, the HIPAA Security Rule as of April 20, 2006, and the National Provider Identifier Rule as of May 23, 2008.

The Department of Health and Human Services (HHS) will publish guidance regarding implementation of these other HIPAA rules as their compliance dates approach. Information regarding compliance with the non-privacy HIPAA rules is available on the HHS Centers for Medicare and Medicaid Services Web site.

For the average health care provider or health plan, the Privacy Rule requires activities, such as:

  • Notifying patients about their privacy rights and how their information can be used.
  • Adopting and implementing privacy procedures for its practice, hospital, or plan.
  • Training employees so that they understand the privacy procedures.
  • Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed.
  • Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.

Responsible health care providers and businesses already take many of the kinds of steps required by the Rule to protect patients’ privacy. Covered entities of all types and sizes are required to comply with the Privacy Rule. To ease the burden of complying with the new requirements, the Privacy Rule gives needed flexibility for providers and plans to create their own privacy procedures, tailored to fit their size and needs. The scalability of the Rule provides a more efficient and appropriate means of safeguarding protected health information than would any single standard. For example,

  • The privacy official at a small physician practice may be the office manager, who will have other non-privacy related duties; the privacy official at a large health plan may be a full-time position, and may have the regular support and advice of a privacy staff or board.
  • The training requirement may be satisfied by a small physician practice’s providing each new member of the workforce with a copy of its privacy policies and documenting that new members have reviewed the policies; whereas a large health plan may provide training through live instruction, video presentations, or interactive software programs.
  • The policies and procedures of small providers may be more limited under the Rule than those of a large hospital or health plan, based on the volume of health information maintained and the number of interactions with those within and outside of the health care system.

OCR plans to conduct desk and onsite audits for both covered entities and their business associates. The first set of audits will be desk audits of covered entities followed by a second round of desk audits of business associates. These audits will examine compliance with specific requirements of the Privacy, Security, or Breach Notification Rules and auditees will be notified of the subject(s) of their audit in a document request letter. All desk audits in this phase will be completed by the end of December 2016.

The third set of audits will be onsite and will examine a broader scope of requirements from the HIPAA Rules than desk audits. Some desk auditees may be subject to a subsequent onsite audit.

The audit process will employ common audit techniques. Entities selected for an audit will be sent an email notification of their selection and will be asked to provide documents and other data in response to a document request letter. Audited entities will submit documents on-line via a new secure audit portal on OCR’s website. There will be fewer in person visits during these Phase Two audits than in Phase One, but auditees should be prepared for a site visit when OCR deems it appropriate. Auditors will review documentation and then develop and share draft findings with the entity. Auditees will have the opportunity to respond to these draft findings; their written responses will be included in the final audit report. Audit reports generally describe how the audit was conducted, discuss any findings, and contain entity responses to the draft findings.

    Difference between success and failure

    What message does a $4.5 million fine and prison time send