October 5, 2016

HIPAA Review & Training

We believe HIPAA Compliance should not derail a practice

 

HIPAA Portal

The HIPAA Portal (our proprietary tool) was designed to simplify every aspect of the Privacy and Security Rule requirements. It allows an organization's privacy/security officer to perform their duties far more simply than the current process of compiling and maintaining a physical HIPAA Compliance Notebook. All HIPAA-required documents, forms, logs, policies & procedures, and notifications are organized in a digitally accessible library of documents, which allows for simple reporting in the face of an audit, breach, or disaster.

Around 90% of all data/information in a covered entity's HIPAA Portal is automated in accordance with our proactive monitoring systems, all of which can be accessed with very minimal (but secure) effort.

 

 

Services are implemented in accordance with our Risk Assessment findings

To ensure that our services remain the best possible solutions for our covered entity partners, we conduct monthly penetration and vulnerability testing. This testing lets us identify shortfalls that may pose a risk to your HIPAA Compliance. To best prepare you for a possible federal audit, we make sure to provide you with everything you need in order to be on your way to HIPAA Compliance. Let's face it: you are a health provider, not a technician. Let us help you finally solve HIPAA Compliance and IT Security. With ephiit's comprehensive HIPAA Compliance Solutions, your practice will implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.

Our goal is to identify and address all HIPAA Compliance shortfalls, in accordance with all federally mandated safeguard requirements.

 

Our Tools & Solutions are an answer to all Federal Requirements

ephiit compliance

Federal Safeguard Requirements

ephiit's HIPAA Compliance & IT Security Solutions protect covered entities and their business partners from a myriad of threats that could be harmful to a practice or organization. With covered entities becoming more dependent on online platforms, everyone handling any type of personal health information is more prone to threats as a result of inadequate IT security. Our HIPAA Compliance and IT Security Solutions are an answer to all of the following safeguard requirements.

Administrative Safeguards

The Administrative Safeguards are the internal organization, policies, procedures, and security measures that protect PHI. Included in these safeguards is the requirement that each organization have a designated IT Security Officer and a Privacy Officer. These two individuals are charged with putting the measures in place to protect PHI and to govern the conduct of the workforce in relation to protecting PHI.

Central to protecting PHI is the Risk Assessment. This process must be done at least annually to discover weaknesses in PHI safeguards and allow them to be addressed. It is not enough to complete a Risk Assessment; it must also be comprehensive and ongoing.

Physical Safeguards

The Physical Safeguards are physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment from natural and environmental hazards and unauthorized intrusion. These measures could include locking cabinets, security locks on various devices, entry logs, Uninterruptible Power Supplies (UPS), maintenance records, and the like. This safeguard includes disaster plans and contingency plans in case of damage to the physical facilities.

Technical Safeguards

Technical Safeguards are the technology, and the policies and procedures for its use, that protect PHI and control access to it. The two keys to this safeguard are that users must have unique login names and complex passwords, and that PHI must be encrypted when stored or transmitted beyond an organization's internal firewall systems. This effectively renders PHI indecipherable and unusable in the event of a breach. The other elements of this safeguard must be addressed, but the method of meeting the requirements is not mandated by the rule.