avast! Antivirus

Vipre Antivirus

Watchguard Firewalls

Health Insurance Portability and Accountability Act

Our HIPAA Compliance Program provides services to help our clients efficiently and cost effectively manage the entire compliance life-cycle and address the requirements enforced by the Department of Health and Human Services. IT Balance works with its clients in preparing for the required ongoing HIPAA reviews, conducting the reviews in an educational, rather than adversarial manner, documenting compliance with the rules, and providing a HIPAA Compliance Statement.

Our HIPAA security review covers:
Administrative safeguards
Physical safeguards
Technical safeguards
Organizational requirements
Policies, procedures, and documentation requirement

Following the compliance review, IT Balance can assist in developing a remediation plan and in developing safeguards that must be in place including procedures that must be implemented to become HIPAA Compliant.

HIPAA Business Partner Review
Many health care organizations are unaware of the compliance requirements associated with business partners and outside service providers. IT Balance reviews third-party agreements in order to ensure that they contain the provisions required by HIPAA.

Training Services
HIPAA training under both the Privacy Rule and Security Rule is mandatory for “all members of an entity’s workforce who, by virtue of their position, are likely to obtain access to protected health information” and “all members of an entity’s workforce who, by virtue of their position, are likely to obtain access to protected health information.” This pertains to employees, volunteers, trainees and contractors. IT Balance provides training services to enable organizations meet these requirements.

Managed Services
IT Balance provides a managed services solution that is HIPAA compliant. We can deliver first-class 24/7 IT support that also takes away some of the burdens of the provider associated with information assurance.

 

IT Balance Solutions

    for Achieving HIPAA Compliance

HIPAA Administrative Safeguards
The Administrative Safeguards of HIPAA compliance require documented policies and procedures for day to day operations, management of employees, as well as the security controls in place to protect healthcare information. IT Balance is able to provide comprehensive help with compliance against the HIPAA security rule. Whether an organization simply needs help getting started, or requires a certification of compliance from an external reviewer, we can help.

Requirement Description IT Balance Solution
Security Management Process Section 164.308 (1) Implement policies and procedures to prevent, detect, contain, and correct security violations.
  • Risk assessment (Required)
  • Risk management (Required)
  • Sanction policy (Required)
  • Information system activity review (Required)
  • HIPAA Review
  • Internet Review
  • IT Review
  • Policy Development
Assigned Security Responsibilities
Section 164.308 (2) 		Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the entity.
  • Policy Development
Workforce Security Section 164.308 (3) Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information (EPHI) and to prevent access by others who do not have authorization.
  • Authorization and/or supervision (Addressable)
  • Workforce clearance procedure (Addressable)
  • Termination Procedures (Addressable)
  • Policy Development
  • Managed Services
Information Access Management Section 164.308 (4) Implement policies and procedures for authorizing access to EPHI that are consistent with the applicable requirements of subpart E of this part.
  • Isolation of health care clearinghouse functions (Required)
  • Access authorization (Addressable)
  • Access process establishment and modification (Addressable)
  • Policy Development
  • Internet Review
  • IT Review

 
Security Awareness and Training Section 164.308 (5) Implement security awareness and training program for all members of its workforce.
  • Security reminders (Addressable)
  • Protection from malicious software (Addressable)
  • Login monitoring (Addressable)
  • Password Management (Addressable)
  • Awareness Training
  • Managed Services
  • Policy Development
Security Incident Procedures Section 164.308 (6) Implement policies and procedures to address security incidents
  • Response and reporting (Required)
  • IT Review
  • Policy Development
  • Managed Services
Contingency Plan Section 164.308 (7) Establish and implement policies and procedures for responding to an emergency or other occurrence such as fire, vandalism, system failure, & etc. that damage systems containing EPHI.
  • Data backup plan (Required)
  • Disaster recovery plan (Required)
  • Emergency mode operation plan (Required)
  • Testing and revision procedures (Addressable)
  • Application and data analysis (Addressable)
  • Policy Development
  • Disaster Recovery Planning
  • Managed Services
Evaluation Section 164.308 (8) Perform a periodic technical and non-technical evaluation initially based on HIPAA standards and subsequently based on environmental and operational changes affecting the security of EPHI.
  • HIPAA Review
  • Internet Review
  • IT Review
Business Associate Contracts and Other Arrangements Section 164.308 (9) A covered entity (CE) may permit a business associate to create, receive, maintain or transmit EPHI on the CE’s behalf only if the CE obtains satisfactory assurances in accordance with § 164.314 (a) That the business associate will appropriately safeguard the information.
  • Policy Development
  • ISO17799 Vendor Review

HIPAA Physical Safeguards
The physical safeguards are a series of security measures meant to protect the environment of the electronic information systems, as well as the related buildings and equipment from natural and environmental hazards and unauthorized access. These measures include both administrative policies and physical controls.

Requirement Description IT Balance Solution
Facility Access Controls Section 164.310 (1) Implement policies and procedures to limit physical access to electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.
  • Contingency operations (Addressable)
  • Facility security plan (Addressable)
  • Access control and validation procedures (Addressable)
  • Maintenance records (Addressable)
  • Policy Development
Workstation Use Section 164.310 (2) Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed and the physical attributes of the surroundings of a specific workstation or class of workstation that can access EPHI.
  • Policy Development
Workstation Security Section 164.310 (3) Implement physical safeguards for all workstations that access EPHI to restrict access to authorized users.
  • Policy Development
  • Managed Services
Device and Media Controls Section 164.310 (4) Implement policies and procedures to that govern the receipt and removal of hardware and electronic media that contain EPHI.
  • Disposal (Required)
  • Media Reuse (Required)
  • Accountability (Addressable)
  • Data Backup and Storage (Addressable)
  • Policy Development
  • Managed Services

HIPAA Technical Safeguards
The technical safeguards category is made up of several security measures that specify how to use technology to protect EPHI. Particularly controlling access to it. IT Balance enables organizations to achieve HIPAA compliance by delivering services that directly address each specific area of the regulation.

Requirement Description IT Balance Solution
Access Control Section 164.312 (1) Implement technical policies and procedures for electronic information systems that maintain EPHI to allow access only to persons or processes granted access rights as specified in Administrative Standard section.
  • Unique user identification (Required)
  • Emergency access procedure (Required)
  • Automatic logoff (Addressable)
  • Encryption and Decryption (Addressable)
  • Consulting Services
  • Policy Development
  • Managed Services
Audit Control Section 164.312 (2) Implement hardware, software, and/or procedures that record and examine activity in information systems that contain or use EPHI.
  • Policy Development
  • Managed Services
  • Consulting Services
Integrity Section 164.312 (3) Implement policies and procedures to protect EPHI from improper alterations or destruction.
  • Mechanism to authenticate EPHI (Addressable)
  • Implement electronic mechanisms to corroborate that EPHI has not been altered or destroyed in an unauthorized manner.
  • Policy Development
  • Managed Services
Person or Entity Authorization Section 164.312 (4) Implement procedures to verify that a person or entity is seeking access to EPHI is authentic.
  • HIPAA Review
  • Managed Services
Transmission Security Section 164.312 (5) Implement technical security measures to guard against unauthorized access to EPHI that is being transmitted over electronic communications network.
  • Integrity control (Addressable)
  • Encryption (Addressable)
  • Awareness Training
  • Managed Services
  • Policy Development

Contact us today! 866-585-9203