General Masters, Inc.®

IT Audit Outsourcing. Internet Security Tools. PCI Compliance. IT Management Consulting. Quality Assurance. MPLS & Business Internet. BPO

HIPAA Compliance Review

HIPAA Compliance & Certification Reviews & Compliance tools

 

According to the Department of Health and Human Services (DHHS), there is no such thing as HIPAA Certification. However, section 142.08(a)(1) of the HHS regulation requires covered entities (CE) to certify that they have met the security standards. The regulations state that certification can be done internally or by an external accrediting agency. In complying with this section of the regulation, your organization will demonstrate that it has documented current procedures and is therefore using General Masters, Inc. to perform a technical evaluation, as part of and in support of the accreditation process, that establishes the extent to which your computing applications and network design and implementation meet the documented set of security requirements.

 

Our HIPAA Compliance review will be conducted in accordance with generally accepted auditing standards based on the Control Objectives for Information and related Technology (CoBIT) framework. CoBIT is established by the Information Systems Audit and Control Association (ISACA), the only authority for IT audits. The Association researches, develops, publicizes and promotes an authoritative, up-to-date, international set of generally accepted IT Control Objectives for day-to-day use by business managers as well as security, control and audit practitioners.

 

In the early years of HIPAA, fines and penalties for lack of compliance were seldom seen, causing many organizations to assume that HIPAA compliance was discretionary. But recently, several organizations have received more than a slap on the wrist in the form of hefty HIPAA-related fines for bad practices, causing many healthcare organizations to rethink their lagging efforts in implementing and enforcing HIPAA policies.

 

General Masters, Inc. is a premier business strategy and technology solutions firm, delivering value to clients by developing and implementing innovative digital strategies that capitalize on the opportunities presented by new technologies. We are a professional services firm delivering customer-focused business solutions. We use our strength in IT for the delivery of our IT Auditing Services.

 

Our "HIPAA Compliance Certification" report is an evaluation of your status on HIPAA compliance and why you are HIPAA compliant. This report is very useful when insurance companies ask covered entities whether they are HIPAA compliant or whether HIPAA compliance has been achieved. It also helps a lot if there is an audit by DHHS of your HIPAA compliance status.

 

We have developed a comprehensive audit program specifically for auditing HIPAA implementation and compliance. Our audit approach addresses all the key areas of HIPAA requirements. You need us to review your environment to help ensure that your organization is in full compliance. Do not wait for the Government to tell you that you are in violation of HIPAA. We urge you to contact us for a complete HIPAA Compliance Review and Certification.

 

Our Audit Focus:

 

The DHHS Office of e-Health Standards and Services released a document titled "Sample - Interview and Document Request for HIPAA Security Onsite Investigations and Compliance Audit Reviews." We use this document for performing our Compliance Audit Reviews.

 

In addition, the following are our other audit focus areas to ensure that your organization is in full compliance:

 

·        Awareness, Education of staff and Flash Assessment.

·        Privacy Audit (Gap Analysis) of current patient health information security and privacy policies and procedures.

·        Initial Assessment.

·        Appointment of Enterprise-wide Information Security Officer.

·        Full Plan Development.

·        Security Measures Documentation.

·        Project Plan Development.

·        Development of policies and procedures to protect patient health information.

·        Implementation of new patient health information policies and procedures.

·        Development of job descriptions and training material for an Enterprise Privacy Officer.

·        Ongoing support and monitoring of HIPAA rules and regulations.

·        Review and Revisions to existing vendor contracts to facilitate HIPAA compliance.

·        Management's Ongoing Security Monitoring.

·        Maintaining Compliance: Ongoing Monitoring & Auditing Activities.

·        Management's Acquisition of Complete Knowledge of critical matters.

 

Administrative Procedures:

Certification.

Chain of Trust Partner Agreements.

Contingency Plan.

Formal mechanism for processing records

Information Access Controls

·        Access authorization.

·        Access establishment.

·        Access modification.

 

Internal Audit Participation in HIPAA Compliance.

Personnel Security.      

Security Configuration Management Policy.

Security Incident Procedures.

Security Management Process.

Termination Procedures.

Training.

 

Our certification reviews also cover Physical Safeguards, Technical Security, and Network and communication security mechanisms.

 

Security Protection and Regulatory Compliance Monitoring Services:

 

We have partnered with Cyberoam – America for the delivery of proven security appliances as part of our HIPAA monitoring services to help facilitate proactive compliance.  Cyberoam delivers a comprehensive security portfolio that meets both the network and endpoint protection requirements of organizations. With Unified Threat Management (UTM) appliances, Endpoint Data Protection and Cyberoam iView – The Open Source Logging and Reporting Solution, Cyberoam delivers complete visibility and control over user activity.

 

Cyberoam’s CheckMark Level-5 certified, ICSA firewall-certified UTM appliances are purpose-built for comprehensive network protection. They meet the high performance needs of small, medium and large enterprises with appliances ranging from CR15i to CR1500i.

 

Available in appliance and software form, Cyberoam iView is a logging and reporting solution that offers visibility into activity within the organization for high levels of security, data confidentiality and regulatory compliance. It provides an organization-wide security picture on a single dashboard through centralized reporting of multiple devices across geographical locations. It also achieves compliance reporting for PCI-DSS, HIPAA, GLBA and SOX and performs forensic analysis to study security breaches through logs and reports.

 

 

To obtain more information about our HIPAA Review and Certification services and Regulatory Compliance logging and reporting tools, please complete the following form and select areas of interest. Our staff will contact you shortly with a response.


General Masters Inc., P.O. Box 896, Hillside, Illinois, 60162.
Copyright© 2010 General Masters Inc. All rights reserved.
        P. (877) 478-9420   F.  (877) 391-3639
