HIPAA Compliance Audit
The HIPAA Compliance Audit service will provide you with the information you need to comply with the HIPAA Security Rules.
IS YOUR OFFICE HIPAA COMPLIANT?
Let Foris IT get you on the path to compliance with our in-house HIPAA Compliance Audit! Our service was developed by experts knowledgeable in the HIPAA Security Rules, computer and network security, and security training. The combination of these skills is apparent in the level of detail and knowledge that the service provides. Our HIPAA Compliance Solutions include HIPAA Risk Assessment and compliance testing, as well as ongoing monitoring and alerting for compliance issues. HIPAA is not a one-time, set-it-and-forget-it policy; it is an ongoing monitoring and maintenance policy that needs attention to ensure your systems stay compliant.
HIPAA Meaningful / Risk Assessment
HIPAA Systems Compliance Testing
HIPAA Electronic Patient Data Monitoring
HIPAA Compliance Systems Management
ALL-IN-ONE HIPAA SECURITY SERVICE FOR IT SYSTEMS
HIPAA Compliance Monitoring consists of the following:
Agents run 24/7/365 on your computer systems that house or use patient data. The agents monitor those systems for HIPAA compliance rules and help ensure compliance. Rules such as 164.312.b, 164.312.c.1, 164.312.c.2, 164.312.a.2.I, and 164.312.a.1 are all monitored and alerted on in our systems.
Training for your staff is not enough to be in compliance; you need to actively manage compliance and monitor and alert on suspected breaches.
Network systems such as firewalls, Wi-Fi devices, routers, switches, VPNs, and other means of accessing the computer network also need to be monitored and updated regularly to stay in compliance. We find these areas to be fearfully neglected in most cases.
With our HIPAA Compliance Monitoring and HIPAA Management you can rest assured that you're doing all you can to ensure patient data is secure.
Policies and Procedures include:
- Security Management Process
- Assigned Security Responsibility
- Workforce Security
- Information Access Management
- Security Awareness and Training
- Security Incident Procedure
- Contingency Planning
- Business Associate Contracts
Physical Safeguards
These provisions are defined as the “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.”
Policies and Procedures include:
- Facility Access Controls
- Workstation Use
- Workstation Security
- Device and Media Control
Technical Safeguards
These provisions are defined as the “technology and the policy and procedures that protect electronic protected health information and control access to it (the EPHI).”
Policies and Procedures include:
- Access Control
- Audit Control
- Person or Entity Authentication
- Transmission Security
Each Policy and Procedure is a separate Microsoft Word document. The Policies and Procedures are customized with the name of your organization. Most of our clients do not require any changes or additional customizations to the Policies and Procedures but customization is an optional service if you need it.
In addition to the 18 Policies and Procedures, HIPAA Secure Now! also includes forms and checklists that address:
Risk Assessment: A detailed Risk Assessment is required under the HIPAA Security Rule. It is also considered the foundation of the HIPAA Security Rule.
The Security Management Process standard in the Security Rule requires organizations to “[i]mplement policies and procedures to prevent, detect, contain, and correct security violations.” (45 C.F.R. § 164.308(a)(1).) Risk analysis is one of four required implementation specifications that provide instructions to implement the Security Management Process standard. Section 164.308(a)(1)(ii)(A) states:
RISK ANALYSIS (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) held by the [organization].
Foris IT will perform a detailed Risk Assessment that follows the methodology described in NIST Special Publication (SP) 800-30. Specifically the Risk Assessment will do the following:
Risk Assessment Process Methodology described in NIST Special Publication (SP) 800-30
The output of the Risk Assessment consists of a 10-15 page Executive Summary as well as a 20+ page detailed report. The Executive Summary is an easy-to-understand overview that discusses the current state of the overall risk to your systems that contain ePHI, as well as recommendations to lower the risk to each system. The detailed report looks at each system that contains ePHI and documents the threats to the system, the vulnerabilities of the system, the current safeguards in place to protect the system, and the additional recommended safeguards to lower the risk to the system.
The Risk Assessment report will give you a good understanding of the risks to ePHI and provide you with specific steps and actions that you should take to lower the risk.
HIPAA compliance is more than some online training, tests, or written policies.
To be truly compliant you need 24/7/365 systems management and testing against the HIPAA rules that apply to the physical device that houses or accesses patient data, network devices that the systems connect to, and reporting that gives us actionable results.
Combine that with our systems audit and updates, and you have a more complete process in place to ensure compliance.
Part of the complete HIPAA Security service provided by Foris IT is 24/7/365 monitoring of your systems for policy breaches.
After we audit your network, we harden those systems to be as secure as possible while allowing you to function as a company.
Then we monitor those systems 24/7/365 and are alerted to potential issues which we can PROACTIVELY assess and correct.
This is what makes our HIPAA service one of the most complete in the industry.