We are HIPAA Compliance Experts
Keeping up with HIPAA IT compliance is a real challenge for covered entities who are already stretched too thin with their day-to-day work! To help covered entities meet that challenge, we have teamed up with HIPAA Secure Now!, a company of HIPAA experts committed to helping us make compliance easy to understand and maintain. For covered entities (and business associates) who fall under HIPAA we offer the HIPAA Security Plus Package.
Since we are quickly expanding our service areas across the state, we need an IT company that can keep up. With Next Century Technologies, IT is never the hold up in our new facilities. Also, Next Century is very professional and knowledgeable about HIPAA.
Kevin Jones, CPA, CFO, American Health Management
Our HIPAA Security Plus Package
We provide the following to help you analyze, establish and maintain HIPAA compliance:
Thorough Risk Assessment
- We perform your Security Risk Assessment
- Streamlined Risk Assessment Process – you will spend around 1 or 2 hours working with us and then we do the rest!
- We make additional security recommendations
- HIPAA Compliance Snapshot
- Threats Analysis / Risk Determination
- Remediation Planning
- Satisfy MIPS Requirement – ACI Performance Category – Protect electronic health information (Conduct or review a security risk assessment of the certified EHR technology) – don’t put MACRA reimbursement payments at risk!
- Easy to understand reports and work plans
HIPAA Security Training
- We Train your Employees
- Interesting and engaging training videos – Training focuses on both HIPAA regulations and securing patient information
- HIPAA training for existing and new employees
- Retrain employees on an annual basis
- Provide employee compliance testing
- View compliance reports that show when employees were trained and their compliance testing scores
- Employee Security Reminders
HIPAA Policies and Procedures
- We provide your Policies and Procedures
- Employee access to policies and procedures
- Employees electronically acknowledge receipt of the policies
- Videos explaining security policies
- Easy to understand policies
- Easy to follow procedures
- Addresses the HIPAA Security and Privacy Rules
- Allows you to show compliance with HIPAA regulations and protect patient information!
HIPAA Compliance Portal
- Online repository for all compliance documentation
- Employee access to policies and procedures
- Track business associates
- Security incident response
- Access disaster plans
- Store contracts and documents
- HIPAA related information
- Educational videos
Security Incident Response
- Security breaches are stressful – we provide guidance and assistance throughout the whole process
- Security incident response
- Patient/HHS notification steps
- Access to security experts to assist with breach response
Reference Library
- If you need information or have a question, we have the answer!
- Access to articles, links and HIPAA related reference material
- HIPAA whitepapers and guides
- HIPAA videos on how to protect patient information
Outstanding Customer Support
- Truly outstanding customer support
- Step by step guidance – we are with you through the whole process!
- Ongoing guidance and advice
- Access to HIPAA experts
- Our goal is to help you with HIPAA compliance and protect patient information!
What are the HIPAA standards for IT?
A HIPAA covered entity is more than just a doctor’s office or hospital – it’s any business that comes in direct contact with a patient’s PII (personally identifiable information). This includes not only medical providers but law firms dealing with medical cases, health insurance companies and medical billing services. HIPAA is a mindset, a set of policies and procedures that are followed for doing business. That being said, there are some areas in IT that a covered entity should focus on.
Tracy and Ronnie are easy to work with and they definitely go the extra mile to meet and exceed any expectation.
Kelly Upchurch, American Health Management
Areas of Focus for HIPAA IT Compliance
- Risk Assessment. Have one. It is required. Without one you can’t identify your vulnerabilities and you can’t address those vulnerabilities. This is your foundation for the HIPAA mindset.
- Archiving logs of user transactions and event notifications. Who did what, when and where? These are the questions that have to be answered! Staff is a lot less likely to steal PII if they think they are being watched. You know people are paid to steal PII, right?
- Secure e-mail implementation. Does your staff know how to send PII securely via e-mail? Use encryption if you need to send PII. Use a system that’s easy to implement.
- Regular operating system and application updates for all computers. Computers should be updated weekly, and servers at least monthly. It's best to automate this process so it is not forgotten. This automated process should provide notifications of what updates were successful and which were missed.
- Regularly scheduled vulnerability scans. Do them at least once a quarter and following any major IT changes. The vulnerability scan compares your IT environment to several reputable databases of vulnerabilities to identify issues that need to be addressed. Vulnerability software needs regular updates, so it should be subscription-based.
- Policies & Procedures. Do you maintain a set of policies and procedures for handling and protecting PII? Although IT is included, it covers all aspects of the office right down to locking doors to sensitive areas and minimizing the view visitors have of your paperwork and computer screens.
- Quality firewall device with intrusion prevention system (IPS). IPS is subscription-based protection that is updated as new IT threats emerge.
- Good password policy. So critical! This includes not only how complex the passwords are, but how they are stored and end-user training on how to manage them.
- Internet restrictions. Keep the office computers focused on the business, not on games, shopping sites or social media. All of those sites are rife with poor security that can lead to a breach of your data or a malware infection.
- Mobile device management. PII should not be on unsecured mobile devices. If you must use mobile devices, technology exists to secure them.
- Laptop encryption. Windows 10 Pro includes encryption. A stolen or lost laptop is considered a breach. Even if you don’t think you store PII on that laptop, it is used to access email and cloud apps where PII is kept. So encrypt it.
- Endpoint Protection. This includes paid antivirus/antimalware, 2-factor authentication for e-mail and electronic records, and encryption for e-mails.
- Physical security. Keep the server room locked! Desktops should be locked down with password protection if left unattended. Can patients wander behind the counter and have easy access to patient information lying around?