Why is HIPAA important?


Services We Offer

Where’s the Love?

WHAT?!? You don’t love HIPAA as much as we do?? Then give us a call and let our HIPAA experts help you navigate these tricky waters. HIPAA Security Compliance is a mystery to most folks and seems like a complete waste of time to others. It’s even more mysterious if you don’t understand the technical details applicable to HIPAA. The regulations are full of confusing technical terms, IT buzzwords, and security concepts with which many business professionals are not familiar.

Diagnosis: IT’s Complicated

To survive a HIPAA audit or data breach investigation, you need IT security experts like Garner IT Consulting. Like specialists to whom doctors refer patients and tests they order to determine an accurate diagnosis, someone with the necessary skills and experience must evaluate your technology environment.

Trust the Experts

A HIPAA Security Risk Analysis is no easy task to undertake yourself, nor is it a simple checklist you can complete or a cheap “vulnerability scan” you can purchase on the Internet. It requires a thorough analysis of every area of your practice’s systems and workflow by a trained information security professional. You’ve got to review, assess, and document an array of items, such as:

  • Physical Safeguards – Alarm systems; locks and access control systems; visibility of computer screens; etc.
  • Administrative Safeguards – Staff training; user activity auditing; policy enforcement; etc.
  • Technical Safeguards – Secure passwords; data backup; virus and malware prevention; data encryption; etc.
  • Policies & Procedures – Documented protocols for authorizing user access; record retention; documented security measures; etc.
  • Organizational Requirements – Vendor access security measures; vendor contract review and updates

A proper Risk Analysis requires you to look deep into your IT environment to identify its strengths and weaknesses, and understand how these relate to specific HIPAA compliance requirements you face.

Security Simplified

All covered entities and business associates must perform an accurate and thorough Risk Analysis of risks to ePHI. Garner IT Consulting’s HIPAA Security Risk Analysis helps medical practices meet this requirement. We offer Managed HIPAA Compliance services, including annual assessments, plus ongoing security monitoring and alerting.

This service is designed to dramatically reduce the amount of time your practice will spend on:

  • Education regarding technical terms and "IT buzzwords"
  • Gathering technical information on assets such as devices, users, and locations of data
  • Performing internal and external vulnerability testing
  • Generating necessary reports, plans, and policies
  • Performing ongoing monitoring required for compliance

We simplify HIPAA Security Rule compliance with a structured, systematic approach built to meet the requirements of auditors, to protect your practice and enable you to focus on growing your business.

Shields Up!

HIPAA compliance doesn’t just protect you from the auditors – it provides you with an added layer of protection against cyber-attacks:

  • Identify vulnerabilities and implement security measures to mitigate or eliminate risks
  • Implement policies and procedures to protect against malicious software
  • Educate users on cyber-security and turn them into security assets for your organization
  • Implement access controls to limit unauthorized access to confidential information

HIPAA Security Rule (in a nutshell)

A Security Risk Analysis demonstrates that you’re putting appropriate safeguards in place to protect your patients’ electronic Protected Health Information (ePHI). HIPAA protects any personal information which can identify a patient, along with anything related to their diagnosis or treatment, in any form – written, verbal, or electronic. The Security Rule provides a framework for protecting ePHI.

Many people think a Risk Analysis is optional for small providers, or that they just need to complete a simple checklist that says they're secure. Both are misconceptions. Check out the Top 10 Myths of Security Risk Analysis.

According to HHS OCR, “Under the HIPAA Security Rule, you are required to conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) held by the covered entity. Once you have completed the risk analysis, you must take any additional “reasonable and appropriate” steps to reduce identified risks to reasonable and appropriate levels. (45 CFR 164.308(a)(1)(ii)).”

Required vs. Addressable Specifications

Some HIPAA Security Rule requirements are “Required” while others are “Addressable.” Required Specifications are…well…required. Addressable specifications are a little trickier. Some people may think they’re optional, but that's not correct.

HHS states that a Covered Entity “must implement an Addressable Implementation Specification if it is reasonable and appropriate to do so, and must implement an equivalent alternative if the Addressable Implementation Specification is unreasonable and inappropriate, and there is a reasonable and appropriate alternative.” If a Covered Entity chooses NOT to implement an Addressable Specification, their reasoning must be clearly documented and justifiable.

Ultimately, it’s up to the HIPAA auditor to decide if your reasoning is good enough, so be careful on this one! Better safe than sorry – treat everything like it’s Required, and make doubly sure before you decide not to implement an Addressable Specification.

Common Technology-Related HIPAA Violations

  • Insider snooping – You can thwart unauthorized user access to a patient's records with password protection, tracking systems, and clearance levels.
  • Unprotected storage of private health information – Laptops, thumb drives, and other mobile devices are not secure. You should securely store PHI in an encrypted manner.
  • Not logging off your computer or a computer system that contains private health information.
  • Sending PHI via non-secure email over the Internet.

Service In 60, Guaranteed


Garner IT knows how detrimental to your business it can be to have computer and server problems preventing you from being productive. We also understand that waiting on technicians while you can’t fill orders and customers are complaining just compounds the problem. We value your time! When you have a technical problem and call our support team, we guarantee that one of our experienced technicians will respond to your problem within 60 minutes or less.
