Through an annual Software-as-a-Service (SaaS) subscription, we offer a secure, web-based cloud application service delivered with a consultative methodology. We work autonomously, on-site and/or remotely, with C-level management or your senior staff, including the designated HIPAA Security or Compliance Officer and others as needed, to identify and evaluate security and privacy risk, and to develop and execute the internal compliance audit functions for the organization. These frameworks may include ISO 2700xx, SOX, PCI-DSS, HIPAA, HITECH, GLBA, COBIT, and FISMA.
HIPAA Compliance Consulting and Management Services
1. HIPAA/HITECH SOLUTION FOR
SMALL MEDICAL PRACTICES
AND BUSINESS ASSOCIATES
Presented by:
ITS Alliances, Inc.
Aegify SecureGRC™
2. HITECH has new CRIMINAL liabilities
WHAT HAS CHANGED?
ITS Alliances, Inc. - www.itsalliances.com - Proprietary and Confidential
3. Expanded the scope of HIPAA privacy, security
and enforcement standards to subject business
associates and their subcontractors to the same
administrative, technical and physical security
safeguard requirements as covered entities,
including civil and criminal sanctions for violating
the health information privacy of individuals.
WHAT HAS CHANGED?
4. DON'T THINK IT CAN HAPPEN TO YOU?
What if an employee steals records? 48%
What if a laptop is lost or stolen? 26%
What if a BA steals data? 20%
What if you lose a BlackBerry, iPad or other
portable data storage? 14%
What if someone steals my records after I dispose
of them? 6%
What if someone hacks into your network? 4%
What if?
What if?
It happens EVERY day.
Of the incidents reported, these were the percentages by cause.
5. “Accordingly, we recommend that
physicians (and their business associates)
plan immediately to comply with these new
breach notification requirements”
BREACH RULES
6. "Administrative safeguards" focus on workforce
training and contingency planning (45 CFR
§164.308).
The cornerstones, however, are risk analysis and
risk management—both "required." Critical and
thorough risk analysis must take place before any
attempt at regulatory compliance is made.
7. Tough getting started:
Where to begin?
Most smart CEs and BAs WANT to be in
compliance but don’t know where to start.
WHAT IS SO HARD ABOUT BECOMING COMPLIANT?
8. Web-based self-assessment for
HIPAA/HITECH and Security Practices
SecureGRC HIPAA/HITECH
17. SIMPLE REPORTS, SORTED
BY HIGHEST RISK
18. HIPAA REPORT ON COMPLIANCE
(HROC)
CE or BA
19. SECUREGRC SB HIPAA/HITECH
SELF ASSESSMENT
1. Simple
2. Inexpensive
3. Meets and exceeds HIPAA and HITECH privacy and
security requirements for SB
4. Meets and exceeds Section 15 of Meaningful Use 1
5. Central document repository with automated audit
controls.
6. Library of sample policies, procedures and forms.
7. Extensive help and best practices
8. Requires minimal labor on your part
9. Helps manage your BAs (Vendor Management)
10. HIPAA Report on Compliance (HROC)
Editor's notes
Keep in mind that breaches may not have been reported if the entity decided that the incident did not reach the “harm” threshold incorporated in the Final rule, which was 500 PHI records. That has since been pulled, and it’s not clear whether there will be a harm threshold in the final rule (there shouldn’t be one). If HHS did not have the “harm” threshold, how many more incidents would we have learned about? Also, 12 states did not file ANY reports.