Awareness Training (1 hour $25 per person)
: is handled through our employee training for a company that allows you to offer training to your employees as a self-paced online training which they can take at their own pace and convenience. Students listen to the audio, view slides, and can take the course multiple times before taking the test. After students pass the test, the student can download PDF for the course completion certificate with a validity of 2-year for compliance record-keeping in case they are audited.
Each employee receives a PDF for their own HIPAA certificate immediately upon successful completion of the training.
Cost: $25 per person
- Avg Completion Time: 1.5 Hours
- Format: Online Self Paced Training
- Number of Total Slides: 66
- Access: Online Access for 60 Days
- Certificate of Completion: Yes
- Certificate Expiry: 2 Years
- Audio: Yes
- License: Single User
- Refresher on HIPAA
- Definition: Health information
- Health Information: Sets and Subsets
- Information Covered: Privacy Rule
- Information Covered: Security Rule
- Minimum Necessary
- Required Retention Documentation
- Civil Penalties
- Criminal Penalties
- HIPAA Security Rule – Overview
- Administrative Standards
- Additional Standards
- Covered Entities
- Business Associates
- Contracting Arrangements
- Rules for the BA’s
- Business Associate Contracts
- Business Associate: BA Agreements
- Business Associate Close-Up: Insurance Broker-Agents
- Business Associate: Health Plan Broker/Agents
- Authorization versus Consent
- Authorization Requirements
- Defective Authorizations
- Permissible Activities and Patient Options
- Breach Notification Requirements
- Examples of Breaches
- Breaches & Fines
- Recent Healthplan Breaches
- Lessons – Learned?
- Event Response & Risk Assessment
- Quick Review
- What the Future May Hold
- HHS/OCR Issuances
- Audits: Candidate Matrix
- Audits: Planned Approach
- Audits: Results
- Outcomes and Trends
- Next Steps
Step 2 is handled by our compliance documentation templates
which include privacy security forms, policies, and procedures, risk analysis, contingency plan, and audit. It is important for the compliance officer to work on these templates after completing the expert-level training. It is easy to start the implementation process after the training.
This compliance templates manual kit includes the following templates suite in it. You can buy them as a complete suite or separately depending on which areas you need help in complying with.
Click on the following links for more details
- Fifty-Five (55) Privacy Policies, forms, and contracts ($300)
- Seventy (70) Security Policies, forms, and contracts ($495)
- Risk Analysis as per Security rule & Gap analysis as per Privacy rule ($495)
- Contingency plans as per security rule ($549)
- Ongoing Audit ($300)
Compliance Documentation Templates features
- Prebuilt documents, contacts, and forms allow you to customize them and start using them quickly (see security policy sample)
- Prebuilt best practices of all the HIPAA documents required
- Documents are customizable as all templates are in Microsoft Word format
- Guides & samples on how to use Contingency plan templates are in PDF format
- The average implementation time is around 4-8 weeks
- CHPSE training for the compliance officer helps with the hands-on implementation
- Call in support included if you have questions
- If regulation changes, we provide you with updates to the documents so you do not have to buy the full suite.
- Annual Cost: No
- Updated for Omnibus and HITECH: Yes
- Delivery: Emailed as Zip file
- Format: Microsoft Word Templates
- License: Single Organization
- Option to buy Consultant’s time: Yes
- Support Included: Yes
Cost for less than 50 employees (includes all 5 templates kits mentioned above): $1,890
Cost for more than 50 employees (includes all 5 templates kits mentioned above): $2,490
Vulnerability Assessment & Penetration Testing
IT Network is one of the most important elements of any organization and to ensure that your IT network is fully secured and working fine, we will conduct IT Network Penetration testing. This testing consists of a process that intentionally attacks your IT Network system with an intention of finding security weaknesses. This process will help in identifying the vulnerability in your IT network security before any real cyber-attack happens.
Vulnerability Assessment is a procedure that helps in identifying and correctly pinpointing the weaknesses in the overall IT Network and Communication system.
Using predefined profiles or customized configurations, the scan is run against the external portal facing the Internet or on your internal network. It runs quietly without consuming much network capacity, and in a non-disruptive manner: nothing is modified, and processes operate uninterrupted and as expected.
Ransomware Protection for Healthcare Entities
Ransomware is a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware until a ransom is paid. After the user’s data is encrypted, the ransomware directs the user to pay the ransom to the hacker (usually in a cryptocurrency, such as Bitcoin) in order to receive a decryption key. However, hackers may deploy ransomware that also destroys or exfiltrates2 data, or ransomware in conjunction with other malware that does so.
A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015). Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting that data. However, there are measures known to be effective to prevent the introduction of ransomware and recovering from a ransomware attack. We can help with ransomware attack prevention and recovery from a healthcare sector perspective. Our solution will assist covered entities and business associates to prevent and recover from ransomware attacks, and how HIPAA breach notification processes should be managed in response to a ransomware attack.
Our Endpoint Protection Platform provides a multi-layered approach for detecting malware, exploit, and script-based attacks using a combination of machine learning coupled with both static analysis and system-wide behavior monitoring to isolate and mitigate threats in real-time. The management system, which can be deployed either in the cloud or on-premise, provides forensic analysis of threats and allows administrators to quickly resolve attacks through automated remediation and rollback features.
Let us help you to Secure your network from Malware & Viruses. Call us at 515-865-4591
Implementation of HIPAA Remediation Project
HIPAA Remediation is the next step after identifying the gaps in the area of security. The goal is to address all gaps and meet the regulation requirements. After risk analysis is complete, it is time to begin prioritizing remediation targets. In the risk analysis process, the gaps are divided into three priorities: High, Medium, and Low. Addressing the issues that are high priority can protect & secure the PHI.
Sometimes some of the gaps identified are “quick fixes” without devoting more resources. This helps in moving quickly towards achieving complete HIPAA compliance.
Categorizing the gaps in priority levels will help in planning the timelines, devoting the time of compliance team members, and budget to complete the projects in a timely manner. It is important to take time and plan the remediation phases properly so there are no delays in the process.
After identifying resources to address the highest priority and easiest issues, schedule resources to address the longer-term remediation targets, as well as those of lower priority or of lesser risk.
After remediation projects are completed, conduct the final audit to make sure you are fully compliant. It is beneficial to use a third party to conduct your final audit to determine your compliance. The network assessment including external internal penetration testing & ransomware protection by the third party will ensure that you did not miss anything.
OCR does not need to understand your environment: they simply need to confirm that you are doing all you are required to do, and find you if you aren’t. They have no interest in your operations beyond this determination and result. Other audit firms are likewise driven. Neither is concerned with the burden this can create, or whether any efficiencies can be cogenerated along with achieving compliance to offset it. This is precisely where we are different from all the rest. We do care.
We understand the escalating costs you face, the mounting bureaucracy of regulations and paperwork, the increased drive to automate, and the disruptive change that can cause. Most firms do not grasp this because they have no direct experience themselves. We know the challenges you face because we have been there ourselves. That is why we work with and for you to achieve these goals: get you compliant and set it up to stay that way by building it into your processes.
Our techniques are the industry-standard, time-proven methods used by all firms:
- Substantive Testing
We interview your in-house experts to determine their knowledge, awareness, and engagement with the importance of these requirements to gain a sense of the environment. We share with them our knowledge about the regulations to enhance their knowledge.
We examine your policy and guidance documentation to ensure that the regulatory requirements and properly embodied in them so that you have established the correct framework for performance, internal enforcement, and corrective action when needed.
We observe your staff at work as part of our gaining familiarity with your environment and to ensure that what we found in your documentation we actually find being practiced by your workforce.
We substantively test various parts of your automated systems to ensure that the stated specifications to support privacy and achieve the requirements of the Security Rule are in place and functioning correctly.
Our process verifies that all the requirements are being met regularly and reliably so that your expectations are being met and so that you can be confident by knowing rather than trusting that things are working properly.
The process is the same for both Covered Entities and Business Associates. One standard for all appropriate to each operational context means the Covered Entity can have the needed assurance that their Business Associates are meeting the requirements just as they are, thus have greater peace of mind and greater risk control at all levels.