Identity theft, stolen computer disks, malfunctioning computers, hackers and other preventable losses of information — these are just a few of the hazards facing all businesses that receive, store and transmit data in electronic form. Health care providers face these same hazards. Much of the electronic health information they hold is critical to their business and vital to the care of their patients. Providers face major problems if their patients’ sensitive information is stolen, misused, or unavailable. SaalexIT has over 10 years of experience in working with the Federal Government in highly regulated IT security and compliance arenas. SaalexIT is armed with the professional expertise and hands-on knowledge required to help its clients be HIPAA Compliant.
Does your business need help in understanding the voluminous regulations and nuances of IT Security or HIPAA Compliance? Is your practice considering purchase of an Electronic Health Records (EHR) system, but the vendor doesn’t install the necessary hardware and networking components? Contact SaalexIT today for a FREE EHR implementation evaluation, or if you are interested in evaluating your practice’s HIPAA Compliance, contact us for a FREE HIPAA Compliance on-site evaluation.
Areas of your on-site evaluation will consist of:
- Risk Assessments – Documenting and thoroughly understanding access to Protected Health Information (PHI) and your network systems and workflows is a critical first step in HIPAA Compliance – it’s required! We identify and document the hardware, software, network components and devices (e.g. iPads, Smart Phones, Tablets, etc.) that have access to, store, and transmit Electronic PHI. This is the only reasonable way that you can evaluate the risk of breaches in your current systems, and is also a big first step in acquiring an EHR System should you choose to do so.
- A Review of your Policies and Procedures – We analyze the mechanisms in place that control who can access what data, and determine whether encryption is used to enhance this capability. The standards require you to determine which transmissions of data are at risk of being accessed by unauthorized users. Some areas to consider are: Patient billing info, Utilization and Case Management Data, Patient Health Information, Lab work, and email correspondence with Patients, and even with third-party vendors.
- Secure Offsite Backup Storage Assessment – Protecting electronic data from loss or corruption is a critical component of computer security. Loss of data from emergencies, disasters, mechanical disk failure, or viruses is just one of the risks that face your business. A solid contingency plan will include a backup system which will create exact copies of the data. Knowing how much data you have will be important in understanding how much backup space you need. At a minimum, your backup system should be able to store all of the critical data needed to run your practice in the event of a disaster. An analysis should be conducted to identify these critical data.
- Disaster Recovery and Business Continuity Check – How is your business currently prepared to cope with a disaster? Even if you have tape backup of your data, will your systems be operable if the server housing them crashes? How long can your business be down before it causes catastrophic damage?
- Firewalls, Malware, Virus Protection and Intrusion Detection – We perform a security assessment to determine how secure your networks are from hackers and nefarious attacks from viruses that can steal passwords, log into systems and steal Electronic PHI.
- Annual Security Audits and Reporting – As part of HIPAA compliance, you should have an annual Security Audit and Reporting to provide an audit trail of who accessed what and how. This will only be possible after understanding your network hardware, software, workflows and administrative access policies as stated above.
If your organization has not implemented the appropriate safeguards to protect the health information of patients and plan members, now is the time to take action. Non-compliance carries a significant cost. Today, the Office for Civil Rights is taking a tougher stance on HIPAA violations.
Contact SaalexIT today for a FREE on-site assessment of your HIPAA Compliance and Security Procedures.