
Does your IT company provide full HIPAA Security Risk assessments and Audits?

29 July, 2018

At our IT company, we understand the critical importance of adhering to HIPAA regulations, not only for medical facilities but also for various other businesses that handle sensitive data. With the increasing sophistication of cybercriminals, it has become crucial for organizations to conduct thorough HIPAA audits to protect their data and maintain compliance with the law.

The following are some of the entities required by law to undergo HIPAA audits:

  • Hospitals
  • Urgent Care Clinics
  • Dental Offices
  • Nursing Homes
  • Behavioral Health Facilities
  • Diagnostic Labs
  • Correctional Facilities
  • Pharmacies

However, there are numerous other businesses that are equally exposed to potential security threats, including:

  • IT Service Providers
  • Shredding Companies
  • Document Storage Companies
  • Attorneys and Accountants
  • Collection Agencies
  • EMR Companies
  • Data Centers
  • Online Backup Companies
  • Cloud Vendors
  • Insurance Agents
  • Revenue Cycle Management Vendors
  • Contract Transcriptionists

We offer a range of comprehensive reports as part of our HIPAA Services:

HIPAA Policies and Procedures

These documents outline the best practices for complying with the technical requirements of the HIPAA Security Rule. They are meticulously formulated, referencing specific code sections, and are crucial for demonstrating compliance during an audit.

HIPAA Risk Analysis

The foundation of the entire security program, the Risk Analysis identifies locations of electronic Protected Health Information (ePHI), vulnerabilities, threats, and the likelihood and impact of potential breaches. Regular Risk Analysis, performed at least annually, helps address and prevent data breaches.

HIPAA Risk Profile

An abbreviated version of the Risk Analysis, the Risk Profile provides interim reporting in a streamlined manner, helping to update the Risk Analysis, document progress in addressing risks, and identify new threats.

HIPAA Management Plan

Based on the Risk Analysis, this plan outlines strategies and tactics to minimize, avoid, or respond to risks effectively. A risk scoring matrix aids in prioritizing risks and allocating resources efficiently.

Evidence of HIPAA Compliance

Documentation is vital in audits and investigations. Our comprehensive Evidence of Compliance includes log-in files, patch analysis, user and computer information, and other supporting materials.

External Network Vulnerability Scan

Detailed reports identify security holes, warnings, and informational items after scanning the target network externally.

HIPAA On-Site Survey

A thorough list of questions covering physical and technical security that cannot be gathered automatically, addressing critical aspects of security.

Disk Encryption Report

Identifies encrypted drives and volumes across the network, enhancing data protection.

File Scan Report

Identifies data files stored on devices, preventing data breaches by identifying potential vulnerabilities.

User Identification Worksheet

Helps identify authorized users and promptly disable access for terminated employees and vendors.

Computer Identification Worksheet

Identifies devices that store or access ePHI, supporting data management strategies.

Network Share Identification Worksheet

Identifies network shares storing or accessing ePHI, contributing to secure data storage and encryption.

HIPAA Supporting Worksheets

A collection of individual documents providing detailed information and raw data to back up the Evidence of Compliance.

For more information on our HIPAA Services and the comprehensive reports we offer, please feel free to contact us. We are committed to ensuring your business maintains robust data security and compliance with HIPAA regulations.
