HIPAA Risk Analysis Service

HIPAA/HITECH Risk Analysis Service

The Department of Health and Human Services (HHS) requires all Covered Entities and Business Associates to conduct a Risk Analysis as the first step toward implementing safeguards specified in the HIPAA Security Rule.  A Risk Analysis is defined as an assessment conducted in a formal manner that includes a complete documentation of the healthcare IT process, a listing of identified threats and vulnerabilities, the associated risk ratings and the subsequent actions to remediate any identified deficiencies.

At IntelliSuite, we understand the compliance requirements Healthcare Providers face, and have developed services to help you meet these requirements. Healthcare IT represents the largest segment of our business, so we have made it a priority for all of our Engineers to be Certified HIPAA Security Professionals, giving us the expertise to help you make compliance achievable.

Download HHS Guide to Privacy and Security of Electronic Health Information

The IntelliSuite Risk Analysis Service includes:

Data Collection

  • Onsite Interview – Conducted with your Security Officer to collect information not available through a scan.
  • Onsite Survey – A walkthrough of your site to gather both physical and technical security related information.
  • Network Scan – A comprehensive scan of your information technology network from both an internal and external point of view.

Reporting

  • Executive Summary – A written summary of the significant topics and action items discussed in the review of findings.
  • Detailed Compilation of Reports – A comprehensive detail of your system measures laid out in relation to their corresponding HIPAA Standards.
  • Onsite Review of Findings – A face-to-face meeting to review, discuss, and decipher the compilation of reports.

HIPAA Risk Analysis will provide you with the following reports:

HIPAA Risk Analysis Report – HIPAA is a risk-based security framework, and the production of a Risk Analysis is one of the primary requirements of the HIPAA Security Rule. It identifies the locations of ePHI, vulnerabilities to data security, threats associated with vulnerabilities, and estimates the likelihood and impact of a threat acting on a vulnerability. It identifies what protections are in place and where there is a need for improvement.

HIPAA Management Plan – Based on the findings in the Risk Analysis, IntelliSuite will provide you with the required Risk Management Plan, which will list the tasks required to minimize, avoid, or respond to risks. The Risk Management Plan prioritizes and defines the strategies and tactics an organization can use to address its risks. Remediation services are available by IntelliSuite Certified HIPAA Security Specialists to close compliance gaps.

Evidence of HIPAA Compliance Report – Audits and investigations require evidence that compliant tasks have been carried out and completed, and documentation must be kept for six years.  The Evidence of Compliance includes log-in files, patch analysis, user & computer information, and other source material to support your compliance activities.  This is all provided in your Evidence of HIPAA Compliance Report.

HIPAA Policies & Procedures Document – This document will spell out Information Technology ‘Best Practices’ policies that will comply with the technical portion of the HIPAA Security Rule, and detail the procedures needed to follow these policies. The Policies and Procedures reference specific code sections in the Security Rule and are supported by the reports you need to provide to an Auditor.

Additional Services offered by IntelliSuite to assist your business in meeting its compliance requirements:

  • HIPAA Compliant Back Up Services
  • HIPAA Compliant Disaster Recovery Services
  • HIPAA Compliant e-Mail Services
  • HIPAA Compliant Security Services
  • HIPAA Compliant Mobility and Cloud Services
  • Managed IT Services