
What is Compliance?
The dictionary defines compliance as “The act of complying; a yielding; as to a desire, demand, or proposal; concession; submission.”
When it comes to technology today, compliance issues can be time-consuming, costly and just plain aggravating. With so many new rules and regulations, it is not always easy to keep up with the changes while running day-to-day business.
Computing Made Simple can help. With our risk analysis audits, we can identify where your compliance strategy is working and where it is lacking. The audit report allows you to implement solutions to ensure you comply with the regulations.
Contact us today for more information.
HIPAA Technical Risk Analysis Audit
What is HIPAA?
The Department of Health and Human Services issued the Final Rule on HIPAA Security Standards in February 2003 (45 CFR Parts 160, 162, 164). Most healthcare organizations were required to comply with the Final Rule by April 21, 2005. However, organizations need to act promptly because there is significant overlap between HIPAA Security Standards and HIPAA Privacy Standards (the Privacy Standards require compliance by April 14, 2003). As noted in the Final Rule on Security Standards, “the implementation of reasonable and appropriate security measures also supports compliance with the privacy standards, just as the lack of adequate security can increase the risk of violation of the privacy standards.”
Technical risk analysis is a critical process in risk management. The final HIPAA Security Rule establishes both risk analysis and risk management as required implementation specifications.
The objective of technical risk analysis is to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic information held by the covered entity.
The HIPAA Technical Risk Analysis Audit covers the following control areas:
- Technical Procedural Security
- Personnel Security
- Disaster Recovery/Business Continuance Planning
- Physical Security
- Environmental Security
- Media Security
- Hardware Security
- Software Security
- Network Security
A complete analysis of your organization's security, including physical, network, workstation, server, and operational environments, will be performed. Once the risk assessment has been completed, the results will be documented in an official report for you to review. From there, you may choose to have your existing IT provider use the findings to implement the necessary compliance changes or engage Computing Made Simple for implementation.
Please feel free to contact us if you have questions or if your practice is interested in discussing how our services can benefit your office.