HIPAA Compliance


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates national standards for electronic health care transactions in the United States. The National Institute of Standards and Technology (NIST) published a Security Rule for HIPAA in 2008 that assists covered entities in applying federal information security requirements adopted under HIPAA. Many sub-contractors who bid or work on Department of Defense (DoD) projects will need to achieve NIST compliance by the end of 2017. The following items illustrate some of the ways in which Rappahannock IT can help you meet the standards specified in NIST publication 800-171 for Controlled Unclassified Information (CUI).

Rappahannock IT Responsibilities

Rappahannock IT can assess the application of security controls in information systems, typically for the purpose of developing and implementing procedures for correcting observed deficiencies in those controls. Configuration management responsibilities of Rappahannock IT include the establishment of baseline configurations for information systems. We also perform inventories for those systems, including documentation, hardware, software and firmware.

Rappahannock IT can establish the capability for responding to operational incidents, including documenting, tracking and reporting those incidents to the appropriate authorities. The identification and correction of system vulnerabilities can also help protect those systems from malicious code.

Rappahannock IT helps clients create and retain audit records for information systems, which facilitate the reporting of illegal or unauthorized activity on those systems. We can also ensure that this activity is traced back to individual users so they can be held accountable for their actions. Rappahannock IT can provide training on current security requirements, including the identification of system vulnerabilities and methods of mitigating their risk.

Client Responsibilities

Clients must assess the security controls in their information systems periodically to determine their effectiveness. They also need to develop and implement plans to correct deficiencies in those controls. The configuration management responsibilities of clients primarily include informing Rappahannock IT when their baseline configurations and inventories change.

Clients should establish capabilities for handling operational incidents, including the documentation, tracking and reporting of those incidents. They also need to provide physical protection for their information systems, which generally involves limiting physical access to those systems and their operating environments to authorized individuals.

The audit and accountability responsibilities of the client primarily include periodic reviews of the audit records to ensure the activities on their information systems are lawful, authorized and appropriate. Clients must ensure they can trace those actions back to individual users and hold them accountable for their actions. Clients must also train the users of their information systems on the security risks of those systems.

Rappahannock IT has been providing IT services to small and medium-sized businesses for over 10 years. Our managed services and on-site engagements include NIST and HIPAA compliance in partnership with companies like Dell, HP, Cisco, Fortinet and Microsoft. We can also manage our clients’ IT infrastructure remotely and provide helpdesk services. Contact us today for an assessment of your compliance requirements.


When it comes to your IT needs, look no further than Rappahannock IT.

I work for a small business in Spotsylvania that requires a solid IT network. The system that we had was antiquated and desperately needed to be replaced. This was a large job that consisted of configuring switches, and running more than 70+ CAT6A drops. We obtained a quote from another vendor, but they were more focused on upselling us, instead of providing a quote for what we needed. Rappahannock provided knowledgeable, professional advice during the walk-through consultation. They were able to accommodate our business needs and provided us with exactly what we needed to ensure our business runs more effectively. We haven’t had any kinks with our installation and will absolutely be using Rappahannock IT for any of our future IT needs.

Dillon C.
