HIPAA Security Rule Compliance
Electronic Personal Health Information, or ePHI, is one of the most highly regulated types of sensitive information that organizations handle on a daily basis. The Health Insurance Portability and Accountability Act, or HIPAA, was created to protect this type of customer data by providing a standard for organizations to create, store, transmit, and dispose of ePHI.
COMPASS helps healthcare organizations assess their HIPAA security compliance and their overall security readiness across the administrative, physical and technical safeguards. In accordance with 45 CFR Subtitle A §164 HIPAA Security Rule specifications, COMPASS has developed the following two offerings to replicate the HIPAA Desktop and On-site Audits.
HIPAA SECURITY RULE COMPLIANCE AUDIT
- Administrative Safeguards Analysis
- Physical Safeguards Analysis
- Technical Safeguards Analysis
- Organizational Requirements
HIPAA SECURITY RISK AND VULNERABILITY ASSESSMENT
- Enterprise Risk Assessment
- Network Vulnerability Scans
- Device Configuration Review
- Network Architecture Review
- Firewall and Perimeter Defense Review
- Employee Mock-Phishing Exercise
- Employee Awareness Survey
Healthcare organizations across the country are finding that developing policies and procedures to meet the HIPAA audit standards can be a daunting initiative. COMPASS’ audits and risk assessments assist our clients in evaluating their current compliance and vulnerabilities and in identifying areas that should be improved.