HIPAA Compliance

Avoid Audits with Help from Experts

Abiding by HIPAA’s policies is, quite simply, mandatory. And unfortunately, the rules are extensive. Knowing how to stay compliant is a full-time job. Outsourcing billing to a trustworthy company certainly helps, but often providers need more. At Valletta, we continuously educate ourselves on the intricacies of HIPAA and the corresponding regulations. We do our part on the back-end and happily offer our clients advice for the front-end.

HIPAA Compliance

What is it?

According to the HHS,

The goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care.


The U.S. Department of Health and Human Services has numerous policies to protect patient privacy. These policies have resulted in extensive operational requirements for practices. In other words, there are numerous standards practices should follow when carrying out their daily operations.

What does that mean for you?

Healthcare providers and organizations must operate in a certain way, or face audits, fines, or worse.

• • •

Exploring a Few Aspects of the HIPAA Security Rule

Transmitting Patient Information Electronically

Electronically Protected Health Information (e-PHI): all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form.

Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
Identify and protect against reasonably anticipated threats to the security or integrity of the information;
Protect against reasonably anticipated, impermissible uses or disclosures; and
Ensure compliance by their workforce.

How are Providers Judged without more Specific Standards?

The HHS tries to be reasonable. It understands that medical practices come in all different shapes and sizes. Therefore, it considers factors like cost and feasibility when determining whether an organization is sufficiently protecting the privacy of its patients.

its size, complexity, and capabilities,
its technical, hardware, and software infrastructure,
the costs of security measures, and
the likelihood and possible impact of potential risks to e-PHI.

Self-Assessment Also Plays a Role

The HHS requires organizations to undergo risk analysis and management in order to better determine the effectiveness of their security measures. When the HHS conducts a Compliance Audit, it considers the results of, and the response to, any internal risk assessments.

Evaluating the likelihood and impact of potential risks to e-PHI;
Implementing appropriate security measures to address the risks identified in the risk analysis;
Documenting the chosen security measures and, where required, the rationale for adopting those measures; and
Maintaining continuous, reasonable, and appropriate security protections.

A Few of the Required HIPAA Safeguards

Security Personnel

A covered entity must designate a security official who is responsible for developing and implementing its security policies and procedures.

Information Access Management

A covered entity must implement policies and procedures for authorizing access to e-PHI only when such access is appropriate based on the user or recipient’s role.

Facility Access and Control

A covered entity must limit physical access to its facilities while ensuring that authorized access is allowed.

Workstation & Device Security

A covered entity must implement policies and procedures to specify proper use of and access to workstations and electronic media.

Workforce Training & Management

A covered entity must provide for appropriate authorization and supervision of workforce members who work with e-PHI. A covered entity must train all workforce members regarding its security policies and procedures, and must have and apply appropriate sanctions against workforce members who violate its policies and procedures.

Transmission Security

A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.

The Brass Tacks of HIPAA

The unfortunate reality with HIPAA is that optimal internal procedures don’t necessarily align with the guidelines laid out by the HHS. When it comes to protecting clinicians and their practices, there are certain realities that the HHS doesn’t reveal. Medical providers need experts to maximize their interests. Contact Valletta today to learn more about how to protect yourself.

Contact us today to receive more information or speak with a Valletta billing expert.


