SecureGRC SB™ (HIPAA / HITECH)

Channel Partner Step by Step process for selling, installing, and supporting eGestalt’s SecureGRC SB HIPAA / HITECH Compliance software

Low end-user subscription
At a low, annual end-user subscription list price, SecureGRC SB (HIPAA / HITECH) allows you to add on services and additional products to deliver a complete compliance and security solution to the huge, untapped small office Health Care market.

Selling to a small medical CE.
ALL medical practices, called Covered Entities (CE), must be HIPAA and HITECH compliant. It does not matter if they don’t use on-line billing or EMR (see a list of types of CEs in Attachment A). If they serve patients they must be compliant or they are breaking the law. Now, if they have no technology whatsoever, then they still need to be compliant, but it is a much simpler process. The more technology they use, such as email, on-line applications, EMR, off-site backup, etc., the greater the complexity of becoming and staying compliant, and this is where SecureGRC SB comes in.

SecureGRC SB is a simple web-based assessment or questionnaire tool that leads the CE to understand what they need to do to become compliant. See example # 1.

Complete list of all required policies and procedures available.

Example # 1
The CE or BA fills out this form, and if they have evidence such as a policy or procedure that is required, then they attach it, and the system now catalogs and secures all the required supporting evidence. As an additional value add, eGestalt provides sample copies of all required policies and procedures.




Elevator Pitch
As I am sure you are aware, HIPAA and HITECH have become front page news. Since the passing of HITECH in February 2010, both the Office of Civil Rights (OCR) and your state’s Attorney General have been very aggressive in pursuing non-compliant healthcare practices, regardless of size. It is also a requirement for you to get any reimbursement for implementing an EMR system. The penalties and risk have increased dramatically. Although the odds of getting audited are still low, if you lose any patient data, such as losing a laptop, employee theft, outside hacking, etc., you could risk losing your practice if you cannot prove compliance. Getting and maintaining compliance in the past has been very expensive, complicated and time consuming; however, we are now offering a simpler, inexpensive way to help you get into and maintain your compliance.

Contact Nate @ nate.miller@egestalt.com or 408-689-2586
Assessment Review
Once the CE has completed the assessment as best they can, the channel partner would normally review the answers with the CE and make suggestions on how to resolve the remaining open issues. SecureGRC SB provides suggested ways of solving the problem, or best practices (see example # 2). Although this review is not required, it is an excellent opportunity to up-sell additional services.




 Elevator Pitch
 Once this process is complete, the CE will “Submit” the completed assessment. It is now permanently stored in the system and can no longer be modified.

 This is where the Channel Partner will take the output of SecureGRC and prepare a final report. The exact steps are in Attachment C.

 See sample # 3 for an example of the first output report and example # 4 for the final deliverable. The final deliverable is called a Report on Compliance or ROC. This is a standard Word template, and you can simply cut and paste and deliver without modification, or you can treat it as an outstanding opportunity to review the data and identify additional sales opportunities.
Preformatted Reports on Compliance (ROC)

Sample # 4

Additional Sales opportunities.
As part of the assessment process, SecureGRC SB will identify specific areas within IT that the CE will need to implement. The good news is these items are required by the LAW, so you have big government on your side. As a minimum:

     Encryption
     Unified Threat Management Firewall
     Virus protection
     Secure Back up
     Simple Access control

There will also be opportunities for many other services and technologies.

Another great sales opportunity is the Business Associates, or BAs (for a list of BA types, see Attachment B). BAs, if they have access to Patient information, are required, by law, to be HIPAA and HITECH compliant. According to HITECH law, the CE must have a signed agreement and proof of compliance from the BA. SecureGRC SB specifically asks the CE for a list of their BAs, a copy of each agreement and proof of their compliancy. This is a great prospect list for you to call on. You can call on behalf of the CE to acquire a copy of the BA’s proof of compliancy, which of course they will not have. This is an opportunity for you to sell compliance services into the BA. Once you close the BA, you can follow up with their CEs. And the cycle continues.



Sample # 3

Attachment A

Attachment B
Examples of Business Associates
      A third party administrator that assists a health plan with claims processing.
      A CPA firm whose accounting services to a health care provider involve access to protected health information.
      An attorney whose legal services to a health plan involve access to protected health information.
      A consultant that performs utilization reviews for a hospital.
      A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on
       behalf of a health care provider and forwards the processed transaction to a payer.
      An independent medical transcriptionist that provides transcription services to a physician.
      A pharmacy benefits manager that manages a health plan’s pharmacist network.
      Remote back up facilities
      Transcription services
      Billing services
      Remote Managed Services
      IT Service provider


‘BUSINESS ASSOCIATE’ definition
The term ‘business associate’ has the meaning given such term in section 160.103 of title 45, Code of Federal
Regulations.
Section 160.103—
(1) Except as provided in paragraph (2) of this definition, business associate means, with respect to a covered
   entity, a person who:
    (i) On behalf of such covered entity or of an organized health care arrangement in which the covered entity
        participates, but other than in the capacity of a member of the workforce of such covered entity or
        arrangement, performs, or assists in the performance of:
       (A) A function or activity involving the use or disclosure of individually identifiable health information,
           including claims processing or administration, data analysis, processing or administration, utilization
           review, quality assurance, billing, benefit management, practice management, and re-pricing; or
       (B) Any other function or activity regulated by this subchapter; or
    (ii) Provides, other than in the capacity of a member of the workforce of such covered entity, legal, actuarial,
       accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to
       or for such covered entity, or to or for an organized health care arrangement in which the covered entity
       participates, where the provision of the services involves the disclosure of individually identifiable health
       information from such covered entity or arrangement, or from another business associate of such covered
       entity or arrangement, to the person.

Attachment C
SecureGRC SB™ (HIPAA / HITECH)
Installation and support procedures for Channel Partner


These instructions are available in very specific detail in hard copy and in self-paced video.

Channel Partner will have a master SecureGRC SB account.

When a CE or BA purchases SecureGRC SB, Channel Partner will need to provision this account.
You create a login ID and input other details on the customer.
You then load a copy of the standard assessment into the customer’s account. The system will generate an email and send the login credentials to the customer.
Once the customer has completed the assessment, Channel Partner will take the output and cut and paste it into an Excel template provided by eGestalt. You will use this spreadsheet to quickly identify “Out of Compliance” conditions and how to help the client remediate the problem. Once the client is finally done, you will repeat the same process, cutting and pasting into the same Excel template. Then, from this template, cut and paste into the Word ROC template.
Initial provisioning takes about 7-10 minutes. Final reporting takes about 2 minutes to create. Review and recommendations are dependent on the end user.

More Related Content

Viewers also liked

Library based learning_ggunes&naydin
Library based learning_ggunes&naydinLibrary based learning_ggunes&naydin
Library based learning_ggunes&naydin
Marmara University
 
Tesy Britton Future of Membership Presentation
Tesy Britton Future of Membership PresentationTesy Britton Future of Membership Presentation
Tesy Britton Future of Membership Presentation
Jess Farr
 
Presentación 4to i sdmj
Presentación 4to i sdmjPresentación 4to i sdmj
Presentación 4to i sdmj
María José
 
Ncvo october 7 mind presentation
Ncvo october 7 mind presentationNcvo october 7 mind presentation
Ncvo october 7 mind presentation
Jess Farr
 
Ncvo 7th October Disability LIB
Ncvo 7th October Disability LIB Ncvo 7th October Disability LIB
Ncvo 7th October Disability LIB
Jess Farr
 
Oct 7 foresight presentation
Oct 7 foresight presentationOct 7 foresight presentation
Oct 7 foresight presentation
Jess Farr
 
Yashar zargari
Yashar zargariYashar zargari
Yashar zargari
simorgh
 
Ncvo october 7 yrhf presentation
Ncvo october 7 yrhf presentationNcvo october 7 yrhf presentation
Ncvo october 7 yrhf presentation
Jess Farr
 

Viewers also liked (19)

Cisco umi: Driving Awareness through Social Media
Cisco umi: Driving Awareness through Social MediaCisco umi: Driving Awareness through Social Media
Cisco umi: Driving Awareness through Social Media
 
Cheatr
CheatrCheatr
Cheatr
 
Library based learning_ggunes&naydin
Library based learning_ggunes&naydinLibrary based learning_ggunes&naydin
Library based learning_ggunes&naydin
 
Nature of work - The Search for Jack
Nature of work - The Search for JackNature of work - The Search for Jack
Nature of work - The Search for Jack
 
Tesy Britton Future of Membership Presentation
Tesy Britton Future of Membership PresentationTesy Britton Future of Membership Presentation
Tesy Britton Future of Membership Presentation
 
Charles Armstrong Future of Membership Presentation
Charles Armstrong Future of Membership PresentationCharles Armstrong Future of Membership Presentation
Charles Armstrong Future of Membership Presentation
 
Presentación 4to i sdmj
Presentación 4to i sdmjPresentación 4to i sdmj
Presentación 4to i sdmj
 
Ncvo october 7 mind presentation
Ncvo october 7 mind presentationNcvo october 7 mind presentation
Ncvo october 7 mind presentation
 
Introduction to Pinterest
Introduction to PinterestIntroduction to Pinterest
Introduction to Pinterest
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with Aegify
 
SecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCSecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRC
 
Issue based organizing
Issue based organizingIssue based organizing
Issue based organizing
 
Ncvo 7th October Disability LIB
Ncvo 7th October Disability LIB Ncvo 7th October Disability LIB
Ncvo 7th October Disability LIB
 
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the Cloud
 
Oct 7 foresight presentation
Oct 7 foresight presentationOct 7 foresight presentation
Oct 7 foresight presentation
 
Yashar zargari
Yashar zargariYashar zargari
Yashar zargari
 
Ncvo october 7 yrhf presentation
Ncvo october 7 yrhf presentationNcvo october 7 yrhf presentation
Ncvo october 7 yrhf presentation
 
Issue based organizing
Issue based organizingIssue based organizing
Issue based organizing
 

Similar to SecureGRC SB™ HIPAA and HITECH

Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
Businesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxBusinesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docx
dewhirstichabod
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
amburyj3c9
 
SMS_White Paper_ClearView Assessment-PUB-v01r00
SMS_White Paper_ClearView Assessment-PUB-v01r00SMS_White Paper_ClearView Assessment-PUB-v01r00
SMS_White Paper_ClearView Assessment-PUB-v01r00
Brent Anderson
 
Controlling SOA in Support of Operational Improvement (ISPE PE Vol 31 No 4 - ...
Controlling SOA in Support of Operational Improvement (ISPE PE Vol 31 No 4 - ...Controlling SOA in Support of Operational Improvement (ISPE PE Vol 31 No 4 - ...
Controlling SOA in Support of Operational Improvement (ISPE PE Vol 31 No 4 - ...
David Stokes
 
Final Presentation
Final PresentationFinal Presentation
Final Presentation
chris odle
 

Similar to SecureGRC SB™ HIPAA and HITECH (20)

Electronic permit to work
Electronic permit to workElectronic permit to work
Electronic permit to work
 
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChanneleGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 
13 ijcse-01233
13 ijcse-0123313 ijcse-01233
13 ijcse-01233
 
IRJET- Sensitive Data Sharing using QRCODE
IRJET-  	  Sensitive Data Sharing using QRCODEIRJET-  	  Sensitive Data Sharing using QRCODE
IRJET- Sensitive Data Sharing using QRCODE
 
A Survey on Batch Auditing Systems for Cloud Storage
A Survey on Batch Auditing Systems for Cloud StorageA Survey on Batch Auditing Systems for Cloud Storage
A Survey on Batch Auditing Systems for Cloud Storage
 
Businesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxBusinesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docx
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
SMS_White Paper_ClearView Assessment-PUB-v01r00
SMS_White Paper_ClearView Assessment-PUB-v01r00SMS_White Paper_ClearView Assessment-PUB-v01r00
SMS_White Paper_ClearView Assessment-PUB-v01r00
 
Mobile & Cloud Technology - Doing more with less
Mobile & Cloud Technology - Doing more with lessMobile & Cloud Technology - Doing more with less
Mobile & Cloud Technology - Doing more with less
 
Mobile & Cloud Tech - doing more with less
Mobile & Cloud Tech - doing more with lessMobile & Cloud Tech - doing more with less
Mobile & Cloud Tech - doing more with less
 
Implementing and auditing security controls part 2
Implementing and auditing security controls   part 2Implementing and auditing security controls   part 2
Implementing and auditing security controls part 2
 
Conference Paper: Enabling Privacy Mechanisms in Apache Storm
Conference Paper: Enabling Privacy Mechanisms in Apache StormConference Paper: Enabling Privacy Mechanisms in Apache Storm
Conference Paper: Enabling Privacy Mechanisms in Apache Storm
 
Controlling SOA in Support of Operational Improvement (ISPE PE Vol 31 No 4 - ...
Controlling SOA in Support of Operational Improvement (ISPE PE Vol 31 No 4 - ...Controlling SOA in Support of Operational Improvement (ISPE PE Vol 31 No 4 - ...
Controlling SOA in Support of Operational Improvement (ISPE PE Vol 31 No 4 - ...
 
Final Presentation
Final PresentationFinal Presentation
Final Presentation
 
HIPAA Safeguard Slides
HIPAA Safeguard SlidesHIPAA Safeguard Slides
HIPAA Safeguard Slides
 
Enhanced Hybrid Blowfish and ECC Encryption to Secure cloud Data Access and S...
Enhanced Hybrid Blowfish and ECC Encryption to Secure cloud Data Access and S...Enhanced Hybrid Blowfish and ECC Encryption to Secure cloud Data Access and S...
Enhanced Hybrid Blowfish and ECC Encryption to Secure cloud Data Access and S...
 
Backup Exec Subscription Licensing
Backup Exec Subscription LicensingBackup Exec Subscription Licensing
Backup Exec Subscription Licensing
 
Engica Q4 Safety brocure - Permit to Work - ISSOW
Engica Q4 Safety brocure - Permit to Work - ISSOWEngica Q4 Safety brocure - Permit to Work - ISSOW
Engica Q4 Safety brocure - Permit to Work - ISSOW
 
eGestalt Named a 2012 'Emerging Vendor' by CRN and UBM Channel
eGestalt Named a 2012 'Emerging Vendor' by CRN and UBM ChanneleGestalt Named a 2012 'Emerging Vendor' by CRN and UBM Channel
eGestalt Named a 2012 'Emerging Vendor' by CRN and UBM Channel
 

More from Aegify Inc.

Key featuresofcloudbasedsaas
Key featuresofcloudbasedsaasKey featuresofcloudbasedsaas
Key featuresofcloudbasedsaas
Aegify Inc.
 

More from Aegify Inc. (10)

Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines
 
The UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityThe UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support Cybersecurity
 
Webinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedWebinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus Demystified
 
eGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityeGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks security
 
Implications of hipaa non compliance
Implications of hipaa non complianceImplications of hipaa non compliance
Implications of hipaa non compliance
 
Address Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAddress Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and Buts
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security Solutions
 
Webinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industryWebinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industry
 
Importance of Healthcare Compliance Solutions
Importance of Healthcare Compliance SolutionsImportance of Healthcare Compliance Solutions
Importance of Healthcare Compliance Solutions
 
Key featuresofcloudbasedsaas
Key featuresofcloudbasedsaasKey featuresofcloudbasedsaas
Key featuresofcloudbasedsaas
 

Recently uploaded

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Recently uploaded (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

SecureGRC SB™ HIPAA and HITECH

  • 1. SecureGRC SB™ Low end-user subscription At a low, annual end user sub- scription list price, SecureGRC SB (HIPAA / HITECH) allows to add on services and additional SecureGRC SB™ (HIPAA / HITECH) products to deliver a complete compliance and security solu- Channel Partner Step by Step process for selling, installing, and support- tion to the huge, untapped ing eGestalt’s SecureGRC SB HIPAA/ HITECH Compliance software small office Health Care market. Selling to a small medical CE. ALL medical practices, called Covered Entities (CE) must be HIPAA and HITECH compliant. It does not matter if they don’t use on-line billing or EMR (See a list of type’s of CE’s in Attachment A). If they serve patients they must be compliant or they are breaking the law. Now, if they have no technology what so ever, then they still need to be complaint, but it is much simpler process. The more technology, such as Email, on-line Complete list of all required policies applications, EMR, Off-site backup, etc, increase the complexity of becoming and and procedures available maintaining compliance and this is where SecureGRC SB comes in. Secure GRC SB is a simple WEB based assessment or questionnaire tool that leads the CE to understand what they need to do to become compliant. See example # 1 . Example # 1 The CE or BA fills out this form, and if they have evi- dence such as a policy or procedure that is required, then they attached it, and the system now catalogs and secures all the required sup- porting evidence. As an additional value add, eGestalt provides sample copies of all required polices and procedures. Elevator Pitch As I am sure you are aware HIPAA and HITECH have become front page news. Since the passing of HITECH in February 2010, both the Office of Civil Rights (OCR) and your states Attorney General have been very aggressive in pursuing non-compliant healthcare practices, regardless of size. 
It is also a requirement for you to get any reimbursement for implementing an EMR system. The penalties and risk have increased dramatically, although the odds of getting audited are still low, if you lose any patient data, such as losing a laptop, employee theft, outside hacking, etc, you Contact Nate @ could risk losing your practice if you cannot prove compliance. Getting and maintaining compliance in the past has been very expensive, complicated and time nate.miller@egestalt.com consuming, however we are now offering a simpler, inexpensive way to help you get into and maintain your compliance. or 408-689-2586
  • 2. SecureGRC SB™ Low end-user subscription Assessment Review Once the CE has completed the assessment as best they can, normally the channel partner would review the answers with the CE and make suggestions on how to resolve the remaining open issues. SecureGRC SB has suggested ways of solving the problem or best practices. (See example # 2). Although this is not required, this is an excellent opportunity to up-sell additional services. Elevator Pitch Once this process is complete, the CE will “Submit” the completed assessment. It is now permanently stored in the system and can no longer be modified. This is where Channel Partner will take the output of SecureGRC and prepare a final report. The exact steps are in Attachment C. See sample # 3 for an example of the first output report and example # 4 for the final deliverable. The final deliverable is called a Report on Compliance or ROC. This is a standard word template and you can simply cut and paste and deliver without modification, or this is an outstanding opportunity to review the data and identify additional sales opportunities.
  • 3. SecureGRC SB™ preformatted Reports on Compliance (ROC).
      [Sample # 4]
      Additional Sales opportunities. As part of the assessment process SecureGRC SB will identify specific areas within IT that the CE will need to implement. The good news is these items are required by the LAW, so you have big government on your side. As a minimum: Encryption Unified Threat Management Firewall Virus protection Secure Back up Simple Access control. There will also be opportunities for many other services and technologies.
      Another great sales opportunity is the Business Associates, or BAs (for a list of BA types, see Attachment B). BAs, if they have access to patient information, are required by law to be HIPAA and HITECH compliant. According to HITECH law, the CE must have a signed agreement and proof of compliance from the BA. SecureGRC SB specifically asks the CE for a list of their BAs, a copy of each agreement and proof of their compliance. This is a great prospect list for you to call on. You can call on behalf of the CE to acquire a copy of the BA’s proof of compliance, which of course they will not have. This is an opportunity for you to sell compliance services into the BA. Once you close the BA, you can follow up with their CEs. And the cycle continues.
      [Sample # 3]
  • 4. Attachment A
  • 5. Attachment B: Examples of Business Associates
      • A third party administrator that assists a health plan with claims processing.
      • A CPA firm whose accounting services to a health care provider involve access to protected health information.
      • An attorney whose legal services to a health plan involve access to protected health information.
      • A consultant that performs utilization reviews for a hospital.
      • A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer.
      • An independent medical transcriptionist that provides transcription services to a physician.
      • A pharmacy benefits manager that manages a health plan’s pharmacist network.
      • Remote back up facilities
      • Transcription services
      • Billing services
      • Remote Managed Services
      • IT Service provider
      ‘BUSINESS ASSOCIATE’ definition: The term ‘business associate’ has the meaning given such term in section 160.103 of title 45, Code of Federal Regulations.
      Section 160.103—
      (1) Except as provided in paragraph (2) of this definition, business associate means, with respect to a covered entity, a person who:
        (i) On behalf of such covered entity or of an organized health care arrangement in which the covered entity participates, but other than in the capacity of a member of the workforce of such covered entity or arrangement, performs, or assists in the performance of:
          (A) A function or activity involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and re-pricing; or
          (B) Any other function or activity regulated by this subchapter; or
        (ii) Provides, other than in the capacity of a member of the workforce of such covered entity, legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for such covered entity, or to or for an organized health care arrangement in which the covered entity participates, where the provision of the services involves the disclosure of individually identifiable health information from such covered entity or arrangement, or from another business associate of such covered entity or arrangement, to the person.
  • 6. Attachment C: SecureGRC SB™ (HIPAA / HITECH) installation and support procedures for Channel Partner.
      These instructions are available in very specific detail in hard copy and in self-paced video.
      Channel Partner will have a master SecureGRC SB account. When a CE or BA purchases SecureGRC SB, Channel Partner will need to provision this account. You create a login ID and input other details on the customer. You then load a copy of the standard assessment into the customer’s account. The system will generate an email and send the login credentials to the customer.
      Once the customer has completed the assessment, Channel Partner will take the output and cut and paste it into an Excel template provided by eGestalt. You will use this spreadsheet to quickly identify “Out of Compliance” conditions and how to help the client remediate the problem. Once the client is finally done, you will repeat the same process, cutting and pasting into the same Excel template. Then, from this template, cut and paste into the Word ROC template.
      Initial provisioning takes about 7-10 minutes. Final reporting takes about 2 minutes to create. Review and recommendations are dependent on the end user.