H.I.P.A.A Compliance Made Easy

Products and Services Provided by:
Prevare IT Solutions
100 Cummings Center Suite 225D
Beverly, MA 01915
Info-HIPAA@prevare.com
877-232-9191
Dear Health Care Professional,

Prevare IT Solutions has simplified your organization's concerns regarding the HIPAA Compliance Law. We have a four-step program in which we address all of your current communication processes, followed by a cost-effective solution to implement the appropriate technology solutions that comply with HIPAA regulations.

Prevare is a complete solutions provider and will help manage your systems on a regular basis. We will deploy the appropriate appliances at your location with all reasonable safeguards considered prior to implementation. These solutions will bring your organization into compliance and also have the ability to communicate directly with third parties with minimal effort in the future.

Please fill out the two enclosed forms (the organizational profile and the technical assessment of your current systems), or call one of our technical staff to assist.

Fax request for HIPAA Gap Analysis to:
Prevare LLC
Fax: 978-232-9630
Info-HIPAA@prevare.com
100 Cummings Center, Suite 225D, Beverly, MA 01915

HIPAA Compliance

Prevare LLC, a leading IT outsourcing and IT security company, located in Beverly, Massachusetts, is pleased to offer our services to address your HIPAA issues with:

HIPAA Compliance Solutions
Systems Integration
IT Support
Managed Services

The process consists of:

Step one: Gap Analysis
We will do an examination of your electronic information systems focusing on the security of information flow. We will submit a report outlining your HIPAA compliance status.

Step two: Technology Plan
We recommend a step-by-step solution for achieving HIPAA compliance, tailored to your business needs and budget.

Step three: Implementation
We will work with your staff and computer systems to ensure that the Technology Plan is successfully implemented.

Step four: On-going Support
We will be there to train your staff and keep your systems in compliance.

Begin your journey to HIPAA compliance with a phone call or e-mail to:
Prevare IT Solutions
(978) 232-9191
info-hipaa@prevare.com

phone: (978) 232-9191
toll free: (877) 232-9191
fax: (978) 232-9630
e-mail: mail@prevare.com
www.prevare.com
Gap analysis evaluation

Objective

To provide your organization with a simple and affordable solution that will comply with HIPAA guidelines. Prevare will review all of your current information technology systems, security hardware, software, and infrastructure. We will evaluate the method in which you currently transmit patient data electronically and identify any gaps and deficiencies in accordance with the HIPAA regulations. At this juncture, we can make the appropriate recommendations for a secure, HIPAA-compliant environment.

We will conduct a thorough network audit of all hardware and software and create a map of your current network layout and IP structure. Prevare will identify any server, software, and security configuration changes that will help you become HIPAA compliant. In a client-server environment, employees should be able to easily access and share information and files which pertain to their day-to-day operations. This includes the ability of all users to review, create, change, and forward communications to any appropriate third party. The primary goal will be to eliminate the deficiencies and deploy secure methods for all of your electronic communication.

Project Outline

Prevare's security team will completely evaluate your current computer network and systems resources in order to propose a system configuration that will accommodate all desired functionality with minimal hardware and software changes. There may be some additional software and hardware required to transmit patient data securely in a HIPAA-compliant environment. We will evaluate all third party communications and deploy secure technology for all remote users. Third party billing, transcriptions, EDI, referrals, prescriptions, second opinions, etc. will all be transmitted according to HIPAA guidelines. Prevare will be able to provide a list of hardware and software with firm pricing, and a timeline for deployment. A complete and detailed report will be generated to show these recommendations.
HIPAA review will include detailed examination, analysis, and testing of the following:

Security and disaster recovery analysis of the buildings
Servers and applications running
Desktops O/S and configurations
OS/Apps/Hardening server/desktops
Modems
Antivirus (desktop/server/gateway)
Firewall/VPN (border, departmental, desktop)
Software security
Proxy, NAT, RAS
Directory services configurations
Use authentication permissions
Backup/Disaster recovery infrastructure
Patch status for server OS and Desktop OS
Data encryption (vpn/remote software)
Intrusion detection systems
Content Filtering products
Event logging and monitoring
High availability (clustering/load balancing)
802.11b WLAN
Business continuity planning
Physical security and access to your facilities

Prevare takes great pride in customer satisfaction and in our technical resources, which will help ensure that your network operation will be a success for many years to come.

Please call me with any questions or changes regarding this proposal. I look forward to working with your organization in the near future.

Thank You,
Prevare Technical Team

Prevare LLC
100 Cummings Center Suite 225D
Beverly, MA 01915
877-232-9191
info-hipaa@prevare.com
HIPAA GAP Analysis Client Questionnaire

The Administrative Simplification Compliance Act (ASCA), which amended HIPAA, allows covered entities to apply for a one-year extension, as long as they submit a compliance plan by October 15, 2002.

MedSafe clients: print this form, complete the information and fax it to Prevare LLC at: 978 232 9630. If you have any questions, please call Prevare LLC at: 978 232 9191.

Company Name:
Address 1:
Address 2:
City, State ZIP:
Phone number:
Fax Number:
Public IP address:
DNS address:
Web Site URL:
Email Address:
Other Remote Access:
Contact Name 1:
Title:
Preferred Contact Method:
Tax ID #:
Medicare ID #:
Type of Entity: Health Care Clearinghouse / Health Plan / Health Care Provider
IT Provider Contact:
Preferred Contact Method:
Hours of Operation:
Other Locations/Offices:
Directions:
HIPAA GAP Analysis Client Questionnaire Continued

Confidential

Passwords and means of access:

Note: The information requested on this page is required for our engineer to perform your HIPAA Gap Analysis audit. Please gather this information and make it available to our engineer when he arrives on-site.

Administrator accounts
NT domain/workgroup login
Firewall login
Router login
local admin login
database admin login
Unix login
Other application login 1
Other application login 2

User-level account:

Locations of server room or office keys:
What are Managed Services?

Managed Service Provider and Managed Security Service Provider

The simple explanation is a company that can deliver information to multiple customers over a network on a subscription basis. A managed service provider delivers network services such as antivirus updates on a regular basis, email tracking and content filtering, intrusion detection, VPN encryption services, authentication certificates, Firewall, incident monitoring, and off-site tape backup.

Strategy and tactics for a security policy?
Corporate standard of conduct security process definition risk management risk mitigation cost vs loss authority to act incident reporting and escalation procedures critical information back-up and recovery system and network monitoring oversight change management.

Authentication Services
Services offered under this heading are: review architecture and requirements determine applicable technology AAA PKI-digital certificate, secure ID protocol design, test and implement new technology.

Virus Protection Services
Services include: Network perimeter virus protection clean up SMTP, HTTP AND FTP internet traffic host and server virus protection/exchange email, attachments, shared files, on-line service all automatic updated virus protection desktop virus protection automatic updates forced to the desktops.

Firewall Security
Protect your network perimeter by restricting network protocols and traffic:

Application gateways (proxy servers)
Stateful inspection
Intrusion detection
Virus filtering
Identification
Site-to-site Firewall and VPN
Packet filtering
Incident monitoring and response
Web content filtering
Recurring scanning
Remote client VPN access
24x7 monitoring

Prevare has the infrastructure in place and can offer you all of the necessary services to get your organization HIPAA compliant. Call our sales representative for services and costs that will fit your needs.
Organization Profile for:

Please take a few moments to tell us about your organization. This will assist us in assessing the scope of your HIPAA compliance needs. Thank you for your time.

Section One (Yes / No)

Do the doctors or partners work from home?
Does your organization use third party transcription?
Does your organization use third party billing?
Does your organization use third party referrals?
Do you have remote users at home offices?
Would you like remote ability from home?
Do you transmit payments electronically?
Do you accept credit card payments?
Do you use on-line banking?
How do you move patient records? Electronically / Courier / Mail / Fax / Patient pickup
Do you use specific medical software? Please list below:
Do you use their technical support?
Do you use email?
Do you use the Internet for business?
Do you have a policy to protect patient records and information?
Do you understand managed services?

Section Two (Yes / No)

Do you have a network?
Do you have Internet access?
Do you have a web site? Home page:
Do you have IT staff? How many?
Do you outsource any IT functions?
Do you have a technology plan?
Do you budget for medical software and support?
Do you budget for IT?
Does your staff use computer resources?
Do they need training?
Have you had computer viruses?
Do you understand managed services?