ONE-TIME HIPAA COMPLIANCE PACKAGE.
Not every HIPAA-Covered Entity or Business Associate knows that they are required to have a risk assessment performed, and the few that do know may have limited resources to invest in their patients’ (or their own) protection. For these organizations, we can offer a One-Time HIPAA Compliance package. Your package will include all of the documents automatically organized and prepared by the module, including: The HIPAA Policy and Procedures Document, the HIPAA Risk Analysis, the HIPAA Management Plan, and the Evidence of HIPAA Compliance. These core documents, along with all of the supporting documents are included in this offering, and will help you meet your responsibility of having the audit conducted.
HIPAA ASSESSMENT & REMEDIATION
Conducting a comprehensive Risk Assessment is one thing, but that really should not be the “end”… it should be the “means” to the end. It’s very likely that our assessment is going to uncover a number of issues that need to be addressed. Some of these issues may be nothing more difficult than training an employee to update passwords. But others could be much more serious and involved, like changing the data back-up and recovery program. Our HIPAA Compliance tool will provide a Risk Score Matrix that will prioritize the work that should be done based upon potential impact to the business and likelihood of occurrence. We can then conduct a Remediation Project that will address those issues that carry the highest risk, and highest fines.
MANAGED COMPLIANCE SERVICE
Organizations are not static, nor are their networks. New computers, software, mobile devices, equipment and files are continually being added onto the network throughout the year. And even with a relatively stable IT environment, most organizations’ employees come and go, and change positions within the organization at a regular rate. The HIPAA assessment performed today has a “shelf-life.” How long that is really depends on a number of factors, including the type of the business, size of the organization, and speed of change.
Best practice is to have a HIPAA assessment performed at some regular interval (but no less than once a year as required by law) to ensure that the organization is not only compliant at the time of the Risk Analysis – or upon completion of the follow-on remediation project – but that it REMAINS compliant at all times.
After your initial assessment and remediation project is complete, let us set you up with a schedule of periodic re-assessments, which we call Monthly Risk Profiles, to ensure continued on-going compliance.