October 29, 2015
The HIPAA assessment can include documentation for a number of different modules. There is a link to download a FREE HIPAA Assessment tool below.
HIPAA Policies & Procedures
The Policy and Procedures are the best practices that our industry experts have formulated to comply with the technical requirements of the HIPAA Security Rule. The policies spell out what your organization will do while the procedures detail how you will do it.
In the event of an audit, the first thing an auditor will inspect is the Policies and Procedures documentation. This is more than a suggested way of doing business. The Policies and Procedures have been carefully thought out and vetted, referencing specific code sections in the Security Rule and supported by the other reports included with the HIPAA Compliance module.
HIPAA Risk Analysis
HIPAA is a risk-based security framework, and the production of a Risk Analysis is one of the primary requirements of the HIPAA Security Rule’s Administrative Safeguards. In fact, a Risk Analysis is the foundation for the entire security program.
- the locations of electronic Protected Health Information (ePHI),
- vulnerabilities to the security of the data, threats that might act on the vulnerabilities,
- estimates both the likelihood and the impact of a threat acting on a vulnerability.
The Risk Analysis helps HIPAA Covered Entities and Business Associates identify:
- the locations of their protected data,
- how the data moves within, and in and out of, the organization,
- what protections are in place, and
- where there is a need for more protections
The Risk Analysis results in a list of items that must be remediated to ensure the security and confidentiality of ePHI. The value of a Risk Analysis cannot be overstated. Every major data breach enforcement of HIPAA, some with penalties over $1 million, has cited the absence of, or an ineffective, Risk Analysis as the underlying cause of the data breach. The Risk Analysis must be run or updated at least annually, and more often if anything significant changes that could affect ePHI.
In fact, HealthIT.gov provides a FREE HIPAA Risk Analysis tool you can download and run yourself.
HIPAA Risk Profile
A Risk Analysis should be done no less than once a year. However, we can create an abbreviated version of the Risk Analysis, called the HIPAA Risk Profile, designed to provide interim reporting in a streamlined and almost completely automated manner.
Whether performed monthly or quarterly, the Risk Profile updates the Risk Analysis, documents progress in addressing previously identified risks, and finds new ones that might otherwise have been missed and resulted in a data breach.
We can also complete a HIPAA Management Plan report, Evidence of HIPAA Compliance report, Disk Encryption Report, File Scan Report, and User and Computer Identification Reports.
Call Boost IT at 404-865-1289 if you want to get in compliance. It’s easier than you think.