The organization that proudly displays this seal on its website is HIPAA Compliant by having completed guidelines set forth by EMR Legal, Inc.* EMR Legal will only issue certification after completion of a HIPAA Compliance Audit conducted by our national expert HIPAA consultants. Read the steps below to find out how to achieve HIPAA Compliance Certification.

     The Three Step Process:

     STEP ONE:

  • EMR Legal will either conduct an onsite audit at the client’s location or determine if an offsite audit will be sufficient. Prior to the audit, EMR will perform the following steps with the assistance of the client:
  • EMR Legal will provide a written Gap Analysis Survey Questionnaire for the client to complete and return to EMR Legal. The Gap Survey is designed to identify HIPAA and HITECH compliance strengths and weaknesses and should be completed before EMR Legal conducts its onsite audit and advance training.
  • EMR Legal will review and analyze the Gap Analysis Survey Questionnaire.
  • EMR Legal, Inc. will provide the organization with the Veterans Press HIPAA Compliance Library.
  • EMR Legal will review all of the organization’s HIPAA/HITECH security policies, if any.
  • EMR Legal will review all of the organization’s HIPAA/HITECH privacy policies and Notice of Privacy Practices, if any, as well as any other relevant documentation.
  • EMR Legal will review the client’s Risk Analysis, if one has been previously done.
  • EMR Legal will analyze and prepare a written Gap Analysis Report. The report will detail any compliance inadequacies and deficiencies with suggestions for improvement in regard to any such deficiencies.

     STEP TWO:

  • EMR Legal conducts an onsite visit at the client’s location or conducts an offsite audit based on certain criteria provided for by the organization. The following actions will be taken by EMR Legal:
  • Present the Gap Analysis Report and other findings to key personnel.
  • Conduct HIPAA/HITECH overview training and Risk Analysis training for key supervisors, managers, and others as may be determined to be appropriate by the client and EMR.
  • Assist the client’s staff in the conduct and completion of a risk analysis.
  • Inspect the organization’s HIPAA training efforts.
  • Inspect the organization’s privacy and security programs.
  • Inspect the organization’s physical environment for potential HIPAA violations (during an onsite visit only).
  • Review existing policies and assist writing new ones where needed.
  • Review the organization’s technical environment for potential HIPAA violations.
  • If necessary, provide remedial training to address immediately threatening HIPAA/HITECH compliance problem areas.
  • Review Business Associate agreements and contracts.
  • Provide specific guidance on how to fix problems related to HIPAA/HITECH compliance.
  • Determine if penetration testing of network security is necessary.
  • Onsite visits are normally one to two days, but depending on the size and locations of the organization, an onsite visit could require more time.

     STEP THREE:

  • EMR will continue to work with the client to facilitate completion of Phase One – Initial Compliance Set Up. This typically involves leading the client through the best steps to overcome any compliance deficiencies identified by EMR as well as the best way to accomplish any corrective action suggested by EMR. Step Three typically involves the review of additional policies and procedures as may be required as well as review of departmental risk analysis and safeguards to make sure both are adequate. Upon completion of Step Three, a certificate of HIPAA compliance is issued to the organization, as a plaque and for proud display on the organization’s website.

*This Certificate of HIPAA Compliance issued by EMR Legal, Inc., asserts that, upon audit, review, examination, and where appropriate inspection of all information provided by the recipient named above, EMR Legal, Inc., hereby issues its professional opinion and certifies that the aforesaid recipient has demonstrated to EMR Legal, Inc., that said recipient has taken all action necessary to either meet or exceed all applicable and relevant Standards, Implementation Specifications, and Requirements of 45 C.F.R. parts 160, 162, 164, the HIPAA Privacy and Security rules, the HITECH Act, and the Omnibus Rule Change as of the date set forth above.