HIPAA Regulations Contain…
6 Federal Regulation Subchapters…100’s of pages of Federal Regulations…
1000’s of lines of Federal Regulations…Tens of Thousands of Dollars in Avoidable Fines…

HIPAA Required

We have…

Simple Products
For HIPAA Compliance

Associate’s Agreement – Customizable Template

  • Do not let unauthorized visitors or contractors beyond your waiting room without a properly signed Associates Agreement.  This document reduces Your risk.
  • Required per 45CFR164.502 / 45CFR314(a)(2)(i)

Employee Computer Policy – Completely Customized Policy

  • The mandatory baseline document for outlining the security requirements of your employees.  If your employees have not confirmed, in writing, their understanding, then You are at risk.
  • Required per 45CFR164.308(a)(1)(i)

Data Backup Plan – Off Site Backup Service

  • Fully automated HIPAA compliant backup of your critical business data
  • Full Service – Maintenance, upgrades, modification all handled for you remotely – nothing for anyone in your office to learn!
  • Disaster Recovery Plan included in service
  • Required per 45CFR164.308(a)(7)(ii)(A) / 45CFR164.308(a)(7)(ii)(B)

Employee Monitoring Software

  • Thorough monitoring of employee software use and online activities
  • Required per 45CFR164.308(a)(5)(i)

Employee HIPAA Training

  • Security awareness training for all employees is required and smart
  • Online training reduces office down time and simplifies management duties
  • Annual training required per 45CFR164.308(a)(5)(i)

Home Office HIPAA Checklist

  • Every Covered Entity should require completion of this checklist for all employees and contractors who will work from home
  • As an independent contractor, you should be pro-active and get this done on your own

HIPAA Audit Self Assessment or Full Service Audit

  • Similar to an annual physical, an annual HIPAA Audit measures the current “compliance health” of your office, provides recommendations and highlights risks & short-falls
  • Annual assessments are required per 45CFR164.308(a)(ii)(A)

Hard Drive Encryption

  • For “at rest” data (this means storage)
  • Encrypt Laptops & Mobile storage devices

Computer Disposal

  • Just deleting is not enough
  • When you get rid of a computer, you must properly get rid of all the PHI that may be on the computer.

Disaster Recovery Plan

  • Exact plan on how your office will react & recover from a disaster

Meaningful Use HIPAA Kit

  • Stage 1 Core Objectives require 45CFR164.308(a)(1) compliance
  • This includes:
    • Risk Analysis
    • Risk Management
    • Sanction Policy
    • Information System Activity Review
  • Also must ensure “confidentiality, integrity and availability of all ePHI” your office creates, receives, maintains or transmits.