HIPAA/HITECH SOLUTION FOR SMALL MEDICAL PRACTICES AND BUSINESS ASSOCIATES

Presented by:

ITS Alliances, Inc.

Aegify SecureGRC TM

2

HITECH has new CRIMINAL liabilities

WHAT HAS CHANGED?

ITS Alliances, Inc. - www.itsalliances.com - Proprietary and Confidential

Expanded the scope of HIPAA privacy, security and enforcement standards to subject business associates and their subcontractors to the same administrative, technical and physical security safeguard requirements as covered entities, including civil and criminal sanctions for violating the health information privacy of individuals.   

WHAT HAS CHANGED?

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

DON'T THINK IT CAN HAPPEN TO YOU?

What if a employee steals records? 48% What if a laptop is lost or stolen? 26% What if a BA steals data? 20% What if you lose a Blackberry, IPAD or other

portable data storage? 14% What if some one steals my records after I

dispose of them? 6% What if some one hacks into your network? 4% What if? What if?It happens EVERY day. Of the incidents reported , these were the % of cause.

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

5

“Accordingly, we recommend that physicians (and their business associates) plan immediately to comply with these new

breach notification requirements”

BREACH RULES

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

6

 "Administrative safeguards" focus on workforce training and contingency planning (45 CFR §164.308).

The cornerstones, however, are risk analysis and risk management—both "required." Critical and thorough risk analysis must take place before any attempt at regulatory compliance is made.

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

Tough getting started:

Where to begin?

Most smart CE’s and BA’s WANT to be in compliance but don’t know where to start.

7

WHAT IS SO HARD ABOUT BECOMING COMPLIANT?

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

WEB based self assessment for HIPAA/HITECH and Security Practices

8

SecureGRC HIPAA/HITECH

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

BUILT IN DOCUMENT REPOSITORY

9ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

HELP IS ALWAYS NEARBY

HELP IS ALWAYS NEARBY

HELP IS ALWAYS NEARBY

13

EVERY QUESTIONS HAS A RISK RATING

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

14

SIMPLE, BUT EXTENSIVE FILTERING

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

SUBMIT FOR REVIEW

15ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

Real Time Status

16

SecureGRC SB HIPAA

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

SIMPLE REPORTS, SORTED BY HIGHEST RISK

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

HIPAA REPORT ON COMPLIANCE (HROC)

18

CE or BA

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com

SECUREGRC SB HIPAA/HITECH SELF ASSESSMENT

1. Simple2. Inexpensive3. Meets and exceeds HIPAA and HITECH privacy and

security requirements for SB4. Meets and exceeds Section 15 of Meaningful Use 15. Central document repository with automated audit

controls.6. Library of sample policies, procedures and forms.7. Extensive help and best practices8. Requires minimal labor on your part9. Helps manage your BA’s (Vendor Management)10. HIPAA Report on Compliance (HROC)

ITS Alliances, Inc. - Proprietary and Confidential - www.itsalliances.com