HIPAA Compliance / Meaningful Use Attestation
Components of a HIPAA Risk Analysis and how it maps to the HIPAA Security Rule
MainStream Technologies, Inc. will help with your Meaningful Use Attestation. Using our tools and experience, we will quickly provide you with an assessment and develop a plan to get you compliant!
Our HIPAA Gap Analysis Covers the Following Standards:
Administrative Safeguards
Physical Safeguards
Technical Safeguards
Organizational Safeguards
Policies and Procedures and Documentation Requirements
Conducting an IT risk analysis and mitigating security deficiencies is one of the core objectives for Meaningful Use attestation of Electronic Health Records. All providers that choose to apply for Meaningful Use incentives need to have conducted a formal security risk analysis of their EHR system and associated processes for each stage. That security risk analysis must be conducted according to the Department of Health and Human Services / Office for Civil Rights “Guidance on Risk Analysis Requirements under the HIPAA Security Rule” [Source: Centers for Medicare & Medicaid Services (CMS)].
MainStream Technologies is continually improving and developing specialized tools and procedures to help small and medium-sized healthcare providers keep pace with their continually evolving requirements.
Deliverables You Can Expect:
Assurance your clinic follows the required and trusted standard found in NIST SP800-30, “Risk Management Guide for Information Technology Systems” and meets/exceeds all the requirements specified in the “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”
Identification of your organization’s threats and vulnerabilities
Identification of the controls and protections currently in place, as well as any gaps
Calculation of risk ratings, showing where your organization should focus remediation efforts
Prioritization of the controls needed to protect highly sensitive ePHI
Findings, Observations and Recommendations Report
How You Will Benefit:
Obtain Meaningful Use incentive money
Be prepared in the event of a Mandatory HIPAA Audit
Avoid embarrassing data breaches
Avoid the legal cost of unauthorized disclosure of Protected Health Information
If your organization is a Business Associate, provide assurance to its customers
Make data security a competitive advantage
HIPAA Health Insurance Portability and Accountability Act
Title II - Administrative Simplification - Security Rule

Functional Assessment Scope (… how we audit the standards), mapped to the Standard Details of the Security Rule:

Business Associate Oversight: Identification of Critical Vendors, Vendor Due Diligence, and Documentation Review
    Business Associate Contracts and Other Arrangements (§ 164.308(b)(1)), (§ 164.314(a)(1))

Business Continuity: Data Backup, Disaster Recovery, and Business Impact Analysis
    Contingency Plan (§ 164.308(a)(7))

Data Security: EPHI Disposal, Storage, and Transmission
    Access Control (§ 164.312(a)(1))
    Information Access Management (§ 164.308(a)(4))
    Device and Media Controls (§ 164.310(d)(1))
    Integrity (§ 164.312(c)(1))

Information Security Program: Risk Management and Incident Detection and Response
    Security Management Process (§ 164.308(a)(1))
    Assigned Security Responsibility (§ 164.308(a)(2))
    Security Incident Procedures (§ 164.308(a)(6))
    Evaluation (§ 164.308(a)(8))
    Audit Controls (§ 164.312(b))
    Policies and Procedures (§ 164.316(a))
    Documentation (§ 164.316(b)(1))

Network Analysis: Architecture, Access Control, Device Management, and Event Management
    Access Control (§ 164.312(a)(1))
    Audit Controls (§ 164.312(b))
    Integrity (§ 164.312(c)(1))
    Transmission Security (§ 164.312(e)(1))

Personnel Security: Hiring Processes, Security Awareness, and Security Training
    Workforce Security (§ 164.308(a)(3))
    Security Awareness and Training (§ 164.308(a)(5))

Physical Security: Data Center, Facilities, and Environmental Concerns
    Facility Access Controls (§ 164.310(a)(1))
    Workstation Use (§ 164.310(b))
    Workstation Security (§ 164.310(c))

Systems Analysis: Patching, System Hardening, Anti-Virus, Upgrade Procedures, System Access, Logging, Password Policies, and Account Lockouts
    Access Control (§ 164.312(a)(1))
    Audit Controls (§ 164.312(b))
    Integrity (§ 164.312(c)(1))
    Person or Entity Authentication (§ 164.312(d))
MainStream Technologies will complete your risk analysis and assist you in planning specific risk mitigation steps, whether implementing new security controls or correcting security deficiencies. We are able to assist you with the risk analysis of all brands and types of EHR systems, and we can tailor our risk analysis consulting services to meet your specific current and future needs.
Contact us and one of our team will be in touch.