As a result of the changes driven by The HITECH (Health Information Technology for Economic and Clinical Health) Act, all Covered Entities and Business Associates must be compliant and completing a formal Security Risk Analysis is a crucial step in doing so. Enforcement of compliance has increased significantly over the last year and includes the following:
- Mandatory Audits
- Business Associates Must Comply With New Laws
- Subcontractors Must Comply With New Laws
- Non-compliance Fines Are Being Enforced
- Stiffer Penalties
- Jurisdiction Provided To State Attorneys General To File Civil Actions Against Violators
Because of this, it is more important now, than ever before, to build your organizations risk management program on a methodical and proven software solution.
Based on NIST 800-series methodologies, HIPAA One® rigorously follows the 9-step process to conduct a Security Risk Analysis per the following Federal guidance:
After working in HIPAA Security since 2006 in Health I.T. environments, we began focusing on the HIPAA Security Rule translating the complex requirements and rules into pragmatic, repeatable process. Married with medical workflow and real-world experience, HIPAA One® was originally designed so many consultants could perform the HIPAA SRA process in a consistent and complete fashion improving quality. We took cues from the PCI industry’s best self-assessment questionnaires (PCI-SAQ) and incorporated these evolutions into our first release. Although it does help to have security experience to use HIPAA One®, it is designed so anyone with attention to detail can successfully complete the process. Reporting, documentation are all automated providing all the features spreadsheets don’t while providing build-in controls to ensure the process is complete and satisfies all requirements.
Good: Guided Self-Assessment & Risk Analysis*
If your organization has an internal HIPAA Security Officer, or someone who wants to independently perform their own internal HIPAA Security Risk Analysis as part of a comprehensive risk management program, this option may be best for you and is the most cost-effective solution. This option covers all 78-HIPAA-compliance checks and is the “bare minimum” to check compliance and conduct a HIPAA Security Risk Analysis for the organization using our step-by-step, guided HIPAA One® workflow. Our certified-audit team will kick-off the process by setting up the software, and provide unlimited support throughout your project to ensure completion. The software comes with delegation, role-based setup and use to ensure collaboration between departments improving communications, awareness and operational clarity.
Better: Remote Risk Analysis*
Want additional liability protection? You may wish to have our certified audit team provide full analysis of each response ensuring appropriate controls are in place, and functioning properly. In other words, our team remotely provides all deliverables, physical walk-through checklists, remediation planning guidance and support and signing of the final report.
If you organization needs additional resources to complete the risk analysis and desires full guidance, consulting and training, this is a cost-effective way to ensure these services are all delivered remotely saving travel costs and approximately 20% of the professional services fees.
Best: Onsite Risk Analysis*
The preferred delivery model for larger organizations, or organizations desiring “boots on the ground”, in addition to the Remote Risk Analysis, our team visits each site conducting a physical walkthrough checking for physical security, ePHI media, encryption, malware & software patches among onsite remediation planning and Executive Presentation of the results. For HIPAA controls already in place, we measure security process maturity in an effective comprehensive risk management program. This is the traditional onsite HIPAA Security Risk Analysis desired by most organizations and provides the maximum impact.
- 1 year of access to our SaaS platform
- Access to our experienced, certified audit and security team
- Nessus Professional Feed® Vulnerability Scan
- Policies and Procedures Templates
- $100,000 Breach Assurance
- Automated Risk Analysis, documentation and reporting
- Unlimited users and remediation updates
- State, Federal and Best Practice updates
- Access to our Certified Audit Support Team
- Web site “Certified Compliant Seal”
- All data portable to PDF or .csv file