HIPAA Compliance Certification:


EMR Legal Certificate of HIPAA Compliance for the Privacy and Security Regulations is as follows: The regulations state that the certification can be done “internally or by an external accrediting agency.” Jonathan P. Tomes, HIPAA consultant with EMR Legal, Inc., conducted an onsite or offsite HIPAA audit for this organization (“The Client” or “Client”), and it is our legal opinion that this Client has met the requirements of 45 C.F.R. parts 160, 162, 164, the HIPAA Privacy and Security rules, the HITECH Act, and the Omnibus Rule Change of the HHS regulations. Given the expertise and specialized legal background, such a legal opinion from EMR Legal should carry considerable weight with HHS, courts, or other agencies involved in HIPAA compliance. This Client has completed guidelines set forth by EMR Legal, Inc. *EMR Legal will only issue certification after completion of a HIPAA Compliance Audit conducted by our national expert HIPAA consultants. The steps below describe the actions this Client took with guidance from EMR Legal to achieve HIPAA Compliance Certification.


EMR Legal conducted an onsite or offsite HIPAA Compliance audit for The Client. Prior to the audit, EMR performed the following steps with the assistance of The Client:

      • EMR Legal provided a written Gap Analysis Survey Questionnaire for The Client to complete and return to EMR Legal. The GAP Survey is designed to identify HIPAA and HITECH compliance strengths and weaknesses.
      • EMR Legal reviewed and analyzed the Gap Analysis Survey Questionnaire.
      • EMR Legal, Inc. provided the client with the Veterans Press HIPAA Compliance Library.
      • EMR Legal reviewed all of the organization’s HIPAA/HITECH security policies, if any.
      • EMR Legal reviewed all of the client’s HIPAA/HITECH privacy policies, Notice of Privacy Practices, as well as any other relevant documentation.
      • EMR Legal reviewed the client’s Risk Analysis, if one had previously been done.
      • EMR Legal analyzed and prepared a written Gap Analysis Report. The report detailed any compliance inadequacies and deficiencies with suggestions for improvement in regard to any such deficiencies.


EMR Legal conducted an onsite or offsite HIPAA Compliance Audit. The following actions were taken by EMR Legal:

      • Presented the Gap Analysis Report and other findings to key personnel.
      • Assisted the client’s staff in the conduct and completion of a risk analysis.
      • Inspected the organization’s HIPAA training efforts.
      • Inspected the organization’s privacy and security programs.
      • Discussed the organization’s physical environment for potential HIPAA violations.
      • Reviewed existing policies and recommended new ones where needed.
      • Reviewed the organization’s technical environment for potential HIPAA violations.
      • Reviewed Business Associate agreements and contracts.
      • Provided specific guidance on how to fix problems related to HIPAA/HITECH compliance.
      • Determined whether a Risk Assessment of network security was necessary.


EMR continued to work with the client to facilitate completion of Phase One – Initial Compliance Set Up. This typically involves leading the client through the best steps to overcome any compliance deficiencies identified by EMR, as well as the best way to accomplish any corrective action suggested by EMR. Step Three typically involves the review of additional policies and procedures as may be required, as well as review of departmental risk analysis and safeguards to make sure both are adequate. Upon completion of step three, a certificate of HIPAA compliance was issued to The Client, along with a plaque to proudly display at The Client’s location and for their website. Email us for more information.
