Guided HIPAA Compliance

HIPAA Solutions for Office Managers and Practitioners

SecurityMetrics: We protect business

Since its founding in 2000, privately-held SecurityMetrics has grown from a small security company specializing in vulnerability assessment scans to a global leader in data security and compliance solutions. Headquartered in Orem, Utah, SecurityMetrics continues to provide the expert security and compliance services needed to protect organizations around the world.

Our Mission
We aim to help organizations comply with mandates through innovative security tools, friendly customer support, and qualified expertise.

Our Expertise
We have more than 15 years of experience with data security and compliance, and have helped over 1 million customers. Our employees hold certifications such as:
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Qualified Security Assessor (QSA)
Approved Scanning Vendor (ASV)

Guided HIPAA Compliance: We take the pain out of HIPAA compliance

1. Increase data security in your organization to prevent a breach (Breach Protection Consulting)
2. Understand your organization's vulnerabilities (Guided Risk Analysis)
3. Implement your organization's prioritized plan (Prioritized Risk Management Plan)

"HIPAA can be so difficult to understand. Thanks to SecurityMetrics I now know what I need to do to become compliant. They walk you through it. SecurityMetrics HIPAA Dashboard makes it so easy to locate information I need. I could not do this without SecurityMetrics."
Cela Keeton, Office Manager, Nicholas W. Feldman, DDS

1. Breach Protection Consulting: We help you protect your organization from breaches and fines

HIPAA Compliance All In One Place
The SecurityMetrics HIPAA dashboard helps you keep compliance efforts organized and progressing. You can track your risk analysis, risk management plan, training, and policies and procedures all in one place.

HIPAA Breach Protection Checklist
A SecurityMetrics HIPAA Support Advisor analyzes the top risks to your organization's data, which include password management, firewalls, malware, remote access, wireless security, web browsing, email, theft, and social engineering. Addressing the vulnerabilities found during the top risks review significantly increases your organization's data security.

HIPAA Breach Protection
We are so confident in our ability to help you secure your systems that we back our services with $100,000 breach protection. In the event of a compromise, this assists you with the costs of regulatory fines and penalties for HIPAA violations and of forensic investigations.

Monthly Resources
SecurityMetrics provides a monthly newsletter that covers HIPAA compliance and management tips, educational materials, and recent healthcare news. These resources help you stay updated and knowledgeable and avoid the pitfalls that lead to data compromise.

"SecurityMetrics has been invaluable in guiding our office through the process of HIPAA compliance. An exceptional experience all around!"
Kathleen Arnone, Douglas G. Hammond, DMD, MSD

2. Guided Risk Analysis: We do the heavy lifting of the risk analysis

HIPAA Compliance Risk Analysis
Health and Human Services (HHS) has levied fines for the lack of a formal and thorough risk analysis. SecurityMetrics provides an analysis of your current compliance level, a map of all systems that interact with PHI, and vulnerability and risk identification. SecurityMetrics Guided Risk Analysis includes our award-winning support to ensure your risk analysis is accurate and complete.

System Vulnerability Identification
All systems used to create, receive, maintain, and transmit PHI have inherent risks. As data security experts, SecurityMetrics identifies risks and vulnerabilities based on the systems you use. After creating a PHI map of the systems that interact with PHI, we produce a list of associated risks, threats, and vulnerabilities.

External Network Vulnerability Scans
Data thieves access protected health information (PHI) through unprotected networks. Our vulnerability scans help you achieve external network security by searching for even the most recent vulnerabilities. Our finely tuned scan engines expose weaknesses in your network, and our support team helps you repair discovered vulnerabilities to protect your patient data.

Prioritized Risk Management
After performing the risk analysis, SecurityMetrics provides a prioritized risk management plan. This plan is based on the results from your organization's systems, controls, risks, and vulnerabilities. The plan is ordered from high to low risk so that the most threatening risks are addressed first.

"SecurityMetrics gave me the support and help to quickly review my HIPAA compliance and create the strategies needed to remain in compliance. A great and easy experience."
David Hunt, Elevate Fitness and Rehab

3. Prioritized Risk Management Plan Implementation: We get you secure and HIPAA compliant

Guided Risk Management Plan Implementation
Understanding the technical action items in the risk management plan can be difficult. SecurityMetrics HIPAA experts guide you and your IT resources through implementation to ensure your organization is secure and compliant.

Policies and Procedures
HIPAA policies and procedures aren't just paperwork; they are the blueprint for your organization's daily compliance efforts. SecurityMetrics provides customizable Privacy Rule (29), Security Rule (16), and Breach Notification policies and related procedures. SecurityMetrics policy and procedure templates save you time, energy, and money so you can focus on managing your organization. An assigned support specialist assists you in tailoring the policies and procedures so that they accurately reflect the uniqueness of your organization.

Compliance Certificate
Once you complete your risk management plan implementation, SecurityMetrics provides a compliance certificate. The certificate verifies your compliance, assures your patients that you care about and protect their data, and is suitable for prominent display in your office.

Guided HIPAA Compliance Packages

HIPAA PRO (Annual: $2,399 / Monthly: $209)
Breach Protection Checklist
$100,000 HIPAA Breach Protection (after attesting to Breach Protection Checklist)
Online Portal Access (for realtime HIPAA guidance, logging, storage, documentation, and training)
PHI Map and Vulnerability Identification
Risk Analysis (RA)
Prioritized Risk Management Plan (RMP)
Guided Implementation of Risk Management Plan
Unlimited External Vulnerability Scans (3 IP addresses)
Monthly Publication
Certificates of HIPAA Completion (RA and RMP)
Certificate of HIPAA Compliance (upon full implementation of RMP)
Assigned and Dedicated HIPAA Support Advisor
Unlimited Live Technical Support Available 24x7
Customizable HIPAA Policy Templates (including a Breach Notification Policy)
Business Associate Agreement Template
Mobile Device Scanning
HIPAA Training (3 seats for Security Awareness, Privacy and Security, and Responsible Use of Social Media trainings)

HIPAA PLUS (Annual: $1,899 / Monthly: $169)
Breach Protection Checklist
$100,000 HIPAA Breach Protection (after attesting to Breach Protection Checklist)
Online Portal Access (for realtime HIPAA guidance, logging, storage, documentation, and training)
PHI Map and Vulnerability Identification
Risk Analysis (RA)
Prioritized Risk Management Plan (RMP)
Guided Implementation of Risk Management Plan
Unlimited External Vulnerability Scans (2 IP addresses)
Monthly Publication
Certificates of HIPAA Completion (RA and RMP)
Certificate of HIPAA Compliance (upon full implementation of RMP)
Assigned and Dedicated HIPAA Support Advisor
Mobile Device Scanning
Unlimited Live Technical Support Available 24x7
Customizable HIPAA Policy Templates (including a Breach Notification Policy)
Business Associate Agreement Template

HIPAA BASIC (Annual: $1,099 / Monthly: $99)
Breach Protection Checklist
$100,000 HIPAA Breach Protection (after attesting to Breach Protection Checklist)
Online Portal Access (for realtime HIPAA guidance, logging, storage, documentation, and training)
PHI Map and Vulnerability Identification
Risk Analysis (RA)
Prioritized Risk Management Plan (RMP)
Guided Implementation of Risk Management Plan
Unlimited External Vulnerability Scans (1 IP address)
Monthly Publication
Certificates of HIPAA Completion (RA and RMP)
Certificate of HIPAA Compliance (upon full implementation of RMP)
Assigned and Dedicated HIPAA Support Advisor
One Hour/Month Live Technical Support

"I appreciate the expert help from SecurityMetrics as our office worked through understanding HIPAA regulations. The staff was knowledgeable and very helpful. The validation process went off without a hitch!"
Kathy Marks, Office of Dr. Mike Bloom

HIPAA Compliance FAQ

What is the purpose of HIPAA?
The use of electronic health records has the potential to reduce costs and improve care, but it has also increased the focus on data security and introduced new vulnerabilities to healthcare organizations. The Health Insurance Portability and Accountability Act (HIPAA) was enacted to protect patient information. HIPAA includes rules on privacy, security, and breach notification with regard to protecting consumer healthcare information.

Who enforces HIPAA?
HIPAA is regulated and enforced by the Health and Human Services (HHS) Office for Civil Rights (OCR). Recent changes to HIPAA legislation have provided additional guidance and authority for the OCR to enforce HIPAA compliance through audits and financial penalties. State Attorneys General have also been given authority to levy fines related to HIPAA violations and compromises.

How much can I be fined?
The penalties outlined below are assessed per day and per violation.

Violation Category                         Penalty            Maximum per Calendar Year
(A) Did not know                           $100-$50,000       $1,500,000
(B) Reasonable Cause                       $1,000-$50,000     $1,500,000
(C)(i) Willful Neglect - Corrected         $10,000-$50,000    $1,500,000
(C)(ii) Willful Neglect - Not Corrected    $50,000            $1,500,000

After a breach, the HHS is not the only authority that can impose fines. We are also seeing class action lawsuits, State Attorneys General, and the FTC collecting money based on HIPAA violations.

Why the increased enforcement?
Over 133 million breached patient records have been reported to the HHS in the past four years. These breached records have negatively impacted covered entities and business associates, resulting in over $25 million in resolution agreements and fines.

What trainings am I required to do?
HIPAA requires regular employee training on both the Privacy and Security Rules. Other trainings you may consider include data security, responsible use of social media, and the Payment Card Industry Data Security Standard (PCI DSS). SecurityMetrics provides these trainings.

Is there a way to test my organization's risk of breach?
Penetration testing, or ethical hacking, is the most accurate way to know whether your data is safe. A penetration test analyst examines your business environment and manually checks your network to find weaknesses the way a hacker would, through live testing. SecurityMetrics Penetration Test Analysts are experts at helping protect sensitive data.

Am I required to have an onsite assessment?
Onsite assessments conducted by a third party are not required to achieve HIPAA compliance, but in many cases they are recommended. Depending on the complexity of your IT infrastructure, the number of locations you have, and the way you work with PHI, you may want to consider an onsite assessment. For the majority of small covered entities, an offsite HIPAA compliance assessment is sufficient to reach compliance with the law.

How do I become HIPAA compliant?
Most offices have made some progress towards HIPAA compliance. However, with recent changes and an increased focus on technical security, offices are falling short. Both the Privacy and Security Rules require covered entities and business associates to:
1. Conduct an acceptable risk analysis
2. Prepare an actionable risk management plan
3. Make regular and demonstrable progress on the plan
During pilot audits conducted by the OCR, only 2 of 64 organizations passed. Most of the noncompliant organizations had failed to perform an acceptable risk analysis.

SecurityMetrics Awards
April 2015: Info Security Global Excellence Award, HIPAA Onsite Audits
April 2014: Utah's Best of State, HIPAA Compliance Services
February 2014: Stevie Award for Sales and Customer Service, Healthcare Customer Service Department of the Year
October 2013: Golden Bridge Awards, Best Vulnerability Assessment and Remediation
May 2013: Utah's Best of State, Best Customer Service and Call Center
June 2012: Ernst & Young Entrepreneur of the Year, CEO Brad Caldwell, Technology
August 2010: Inc. 500, 408th Fastest Growing Company

To discuss your office's HIPAA situation, contact us.
877.364.9183
HIPAA@securitymetrics.com
SecurityMetrics