Case Study: HIPAA - Business Associate Risks


A healthcare insurance brokerage firm knew it needed to comply with the Health Insurance Portability and Accountability Act (HIPAA) as a “business associate,” but did not know how to proceed, so it contacted Compliagent for guidance.  Pursuant to HIPAA, “business associates” are entities that perform functions or activities that involve the use or disclosure of Protected Health Information (PHI). 

Compliagent’s Actions: To identify our client’s risk areas and gaps, we analyzed its current practices, safeguards, and IT policies and procedures.  We drafted and implemented HIPAA-specific policies and procedures to bring the firm into compliance.  To ensure all personnel understood requirements under HIPAA, we provided individualized training with custom materials tailored for each job function.  We appointed and trained a HIPAA security officer at the firm so our client’s compliance with HIPAA would be maintained on a daily basis with the necessary level of scrutiny.

Outcomes:  Our client’s risk of a potentially costly HIPAA violation is dramatically reduced.  The client’s team now has the knowledge and tools to operate in compliance with HIPAA on an ongoing basis.


“Compliagent took the burden of worry away by quickly implementing the tools we need to be HIPAA compliant.  As we hire new employees, we make sure their onboarding includes HIPAA training from Compliagent.”

