HIPAA Services Overview

Technology driven!

Intersect's HIPAA compliance services are designed for small, mid-tier and safety-net healthcare organizations.

Intersect offers a true IT HIPAA Compliance service that is unlike any you have previously encountered or anything that you would be able to complete by hand. It is not just another checklist process. Rather, we offer an automated, structured, and consistent approach to gathering the information to perform the HIPAA Risk Analysis as required by the Security Rule, and develop the output - the actual HIPAA Security Report that satisfies the HIPAA requirement. But, unlike most HIPAA compliance services that end there, Intersect's technology-driven process is just beginning. Intersect's strategy is aimed at assuring that the achievement of HIPAA compliance isn't just a one-time event. Furthermore, the program is intended to aid in the prevention of an expensive and disruptive breach.

Recurring Risk Analysis Benefits

Rather than provide an IT assessment, Intersect offers a HIPAA IT compliance approach. A one-time HIPAA Risk Analysis is a single snapshot in time. It identifies problems and recommends remediation - but then what? Questions to be answered are: Have the problems been addressed? Is there evidence to show to an auditor or breach investigator? Are there changes or new problems?

HIPAA is an ONGOING challenge. Compliance can silently vanish in an instant. By repeating the risk analysis, new problems are identified early. Current information is available for an audit. With recurring risk analysis, the first evaluation becomes a baseline configuration. Subsequent analyses will identify what has changed since the last one. New issues that need remediation are identified, and the analysis reveals whether there are any new challenges. The new analysis will also provide documentation of remediations that were made for previous issues. Recurring Risk Analyses serve to provide a running health score on the network.

Evidence for Investigations

Compliance services that are limited to a single HIPAA Risk Analysis leave you with a list of problems, but fail to mitigate the risks associated with audits and breaches. The Risk Analysis identified problems and recommended remediation. But, when the problems have been mitigated, there is no evidence to substantiate the corrections. A recent large penalty ($2.75 million) was an example. Issues were addressed in the Risk Analysis, but there was no evidence that they were addressed. Recurring Risk Analysis reports will provide evidence to prove they were resolved.

A similar problem arises in regard to encryption. This is critical, because the loss of encrypted data is an exception that typically does not have to be reported to the federal government. Also, patients aren't required to be notified if the data is encrypted. The challenge is that if a device is lost (and unavailable), you must be able to prove it was encrypted even when it is not there. In that scenario, encryption reports are invaluable.

 

Under the Skin Investigation

Intersect's software tools will locate protected data files. They will search the network and create a report that specifies files that appear to contain medical information, social security numbers, or other information that points to this data. What is valuable about this report is that most organizations believe that users save all of their data to the servers and that their protected medical information is in their EHR system. Our tool often identifies PHI that they were unaware of. That data is not backed up and not secure.

The tool prepares a list of users: Are they current employees? Are they no longer employed? Who has access to PHI, administrative rights, or financial information? This is not a "checklist" process. The entire assessment is automated, structured, and consistent. It is a true "under the skin" analysis designed to assure HIPAA compliance and help prevent expensive data breaches.

HIPAA, like cybersecurity, is an ongoing challenge, and compliance, just like cybersecurity, can silently vanish in an instant. If something stops working, or someone writes their login on a Post-it note and sticks it on a monitor, all of the security efforts can be nullified.