SecurityMetrics Business Associate HIPAA compliance program

SecurityMetrics Business Associate HIPAA compliance program · 2020-07-09 · ness Associate HIPAA Compliance Program. Every covered entity operates uniquely, ... and HIPAA security


IS YOUR PHI SAFE?

Business associates help your business succeed, but are they a liability? When your BAs are not HIPAA compliant, your business and your data are at risk. With the latest changes to HIPAA compliance in force, not knowing how your BAs handle your data isn’t an option.

Take control of the way your BAs handle your patients’ sensitive data with the SecurityMetrics Business Associate HIPAA Compliance Program. Because every covered entity operates uniquely, SecurityMetrics customizes its business associate programs to help you reach compliance goals. A custom program with SecurityMetrics helps you:

• Easily manage five to thousands of BAs

• Provide your BAs access to expert compliance implementation tools

• Know your PHI is safe

SecurityMetrics Business Associate HIPAA Compliance Program is divided into three phases—Segment, Comply, and Report.

“These changes [omnibus rule] not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections.”

-Leon Rodriguez, Director, HHS Office for Civil Rights


SEGMENT RISK

Identify all business associates that interact with your customers’ PHI

Identify your business associates

The first step in protecting your PHI is identifying all parties that need to become HIPAA compliant. If you work with organizations that store, transmit, process, maintain, or access your PHI, then you need to know exactly what they do with the data.

Ensure data is complete

As you identify business associates, SecurityMetrics helps you make sure your BAs’ information is complete through a comprehensive data verification process.

Survey for risk

Each BA is guided through a brief survey. The survey includes profiling questions about how they interact with your clients’ PHI. For example: how is PHI data received, how much PHI data is received, and how/where is PHI data stored?

Segment risk

Based on results from the risk survey, SecurityMetrics works with you to divide BAs into low, medium, and high-risk categories. This helps you know where to focus your compliance efforts.

Understand where your greatest risk is so you can prioritize your compliance focus.


Guided Risk Analysis

BAs are guided through a full Risk Analysis beginning with a review of the top threats to immediately secure PHI. After system inventory has been created and vulnerabilities have been identified, SecurityMetrics provides a prioritized risk management plan that outlines next steps in the compliance process.

Guided HIPAA Compliance

As BAs work through their prioritized risk management plan, SecurityMetrics provides expert advice and award-winning support to ensure all HIPAA requirements are properly addressed. Training and a review of privacy and security policies are also provided. SecurityMetrics guides BAs through:

• Risk analysis

• HIPAA privacy rule compliance

• HIPAA security rule compliance

• Privacy and security training

• Policies and procedures documentation

Compliance tools

Not every BA is at the same level of compliance. SecurityMetrics has multiple tools that increase PHI security and assist in the compliance process. SecurityMetrics tools include:

• Vulnerability scanning

• Penetration testing

• Breach coverage

• Security policies and procedures

• Privacy and security training

• Business associate agreement template

SecurityMetrics provides varying levels of HIPAA compliance validation from simple self-assessment and attestation tools to an onsite review of HIPAA PHI security controls.

COMPLY

Cutting-edge HIPAA compliance solutions


Account Relationship Manager

To maximize the success of your compliance program, SecurityMetrics Account Relationship Managers provide the following:

• Liaison for BA communication

• Training/education

• Custom program reports

• Program support

HIPAA Compliance Reports

As your business associates progress towards compliance, SecurityMetrics tracks and reports their success. This allows you to continually ensure an approved level of compliance.

Achieve and maintain security by tracking the success of your business associate compliance program.

REPORT

HIPAA compliance analytics


PARTNER WITH THE EXPERTS FOR MASS BUSINESS ASSOCIATE HIPAA COMPLIANCE

Drive compliance results

Ineffective business associate compliance programs leave your organization vulnerable to data compromise and at risk of failing an HHS audit. Leveraging over 10 years of mass compliance experience, SecurityMetrics offers solutions proven to simplify HIPAA compliance for your business associates and your organization.

Expert HIPAA consulting

Every healthcare organization has a unique set of HIPAA compliance objectives, goals, and available resources. Our compliance experts work with you to create a custom business associate compliance solution that will achieve your security goals on your timetable and within your budget.

Lasting patient data protection

Business Associate HIPAA compliance programs are only as good as the lasting security improvements they create. SecurityMetrics offers automated compliance reports and ongoing security education to simplify business associate HIPAA compliance monitoring and provide continued protection for your organization’s PHI.

Account Relationship Manager assistance

We understand that supervising business associate compliance is one of your many job responsibilities. To ease this burden, SecurityMetrics assigns a dedicated account manager to help with staff training, communication creation, report generation, and assistance with every other aspect of your business associate HIPAA compliance program.

Business associate compliance tools

Your organization may face severe financial penalties and public brand damage in the event of a business associate PHI breach. With SecurityMetrics business associate HIPAA compliance tools, you can ensure business associates take the necessary steps to protect your patients’ PHI. Our complete business associate HIPAA compliance solution includes:

• Guided risk analysis that begins with a review of top threats to immediately secure PHI

• Full HIPAA compliance assessment that walks business associates through the entire process from risk analysis to a review of safeguards and documentation, to compliance implementation and validation

• Access to expert security tools like vulnerability scanning, remediation support, HIPAA security policies, and HIPAA security and privacy training

• Non-compliance alerts to notify parties that additional actions are needed to return to an acceptable compliance status

Award-winning support for your business associates

Let’s face it—few of your business associates will accurately understand how to comply with the HIPAA standard. Stevie® Award-winning compliance consultants help your business associates understand the importance of data security and guide them through their HIPAA compliance requirements.

ABOUT SECURITYMETRICS

SecurityMetrics is a global leader in data security and compliance that enables businesses of all sizes to comply with financial, government, and healthcare mandates. Since its founding date, the company has helped over 1 million organizations protect their network infrastructure and data communications from theft and compromise with exceptional value to customers worldwide. Among other services, SecurityMetrics offers HIPAA assessments, PCI audits, penetration tests, security consulting, data discovery, and forensic analysis.


www.securitymetrics.com/hipaa


© 2014 SecurityMetrics | 1275 West 1600 North | Orem, UT 84057 | www.securitymetrics.com