More than 700,000 hospitals, emergency medical clinics, dental offices, nursing homes and other health-related entities are required by law to have a specialized IT risk assessment performed to satisfy the requirements of HIPAA – The Health Insurance Portability and Accountability Act.
So, too, are an estimated 2 million other companies that do business with these entities, including shredding companies, documents storage companies, attorneys, accountants, collections agencies, and many others. Many of these companies and organizations are not even aware of this legal requirement!
Leon Rodriguez, former director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, was responsible for enforcing HIPAA and HITECH. When asked where do organizations suffer the most audit failures, Rodriguez commented in the “failure to perform a comprehensive, thorough risk analysis and then to apply the results of that analysis.”
trusting your technology to our expert team of IT professionals.
with user-friendly technology that works.
consistent IT support yields more up-time.
with the convenience of our flat- rate IT plan.
One of the most challenging aspects of performing a valid comprehensive HIPAA Assessment is gathering and organizing the vast amount of data that must be collected from a variety of sources. Cinch IT can makes this easy by giving you a central repository to safely and securely collect the information. We will start by conducting a “Site Interview” to obtain the answers to a series of pre-established questions.
Next, we will conduct an On-Site Survey to personally observe the environment, take photographs and check on a wide range of security policies. There’s no guesswork here.
While we are conducting your On-Site Survey, we’ll also run a non-invasive Local HIPAA scanner on each PC in the office. Additionally, we’ll run an External Vulnerability Scan.
Once we’ve gathered the initial data we will work with you to complete three worksheets – a User Identification Worksheet, a Computer Identification Worksheet, and a Share Identification Worksheet. The data from these worksheets will be automatically cross-correlated with the data collected by the data collector to ensure there are no anomalies.
At this point in the process we will generate a Security Exception Worksheet, which will list issues that have been identified. All of the information gathered is ready to be crunched, analyzed and organized into a set of official HIPAA Compliance reports and documents.