TechNoggins can provide all of the technical consulting and related IT services to ensure that your organization meets the requirements of the HIPAA Security Rule, and ensure ongoing compliance as the law evolves.
The HIPAA Security Rule in effect as of October 31, 2013, mandates that all businesses (practices) and other ‘entities’ that have access to EPHI (Electronic Protected Health Information) must comply with standards that address the physical, administrative and technical elements outlined in the rule.
For all organizations, the very first MANDATORY step is to complete a comprehensive, written ‘Risk Analysis’.
Three-step process:
- Annual HIPAA Risk Analysis
  - Create complete hardware and software inventory list
  - Asset tag all physical resources
  - Collect technology implementation specifics for all servers and workstations
  - Interview staff for user security practices
  - Interview IT staff for technical review of system access controls and logs
  - Document all findings and identify non-compliant areas
  - Provide recommendations for IT solutions that address non-compliant areas
- Review, prioritize and implement IT solutions
- Document all policies and train employees