Intersect offers a true IT HIPAA Compliance service that is unlike any you have previously encountered or anything that you would be able to complete by hand. It is not just another checklist process. Rather, we offer an automated, structured, and consistent approach to gathering the information to perform the HIPAA Risk Analysis as required by the Security Rule, and develop the output - the actual HIPAA Security Report that satisfies the HIPAA requirement. But, unlike most HIPAA compliance services that end there, Intersect's technology-driven process is just beginning. Intersect's strategy is aimed at assuring that the achievement of HIPAA compliance isn't just a one-time event. Furthermore, the program is intended to aid in the prevention of an expensive and disruptive breach.
Rather than provide an IT assessment, Intersect offers a HIPAA IT compliance approach. A one-time HIPAA Risk Analysis is a single snapshot in time. It identifies problems and recommends remediation - but then what? Questions to be answered are: Have the problems been addressed? Is there evidence to show to an auditor or breach investigator? Are there changes or new problems?
HIPAA is an ONGOING challenge. Compliance can silently vanish in an instant. By repeating the risk analysis, new problems are identified early. Current information is available for an audit. With recurring risk analysis, the first evaluation becomes a baseline configuration. Subsequent analysis will identify what has changed since the last one. New issues that need remediation are identified, and the analysis reveals whether there are any new challenges. The new analysis will also provide documentation of remediations that were made for previous issues. Recurring Risk Analyses serve to provide a running health score on the network.
Compliance services which are limited to a single HIPAA Risk Analysis leave you with a list of problems, but fail to mitigate the risks associated with audits and breaches. The Risk Analysis identified problems and recommended remediation. But, when the problems have been mitigated, there is no evidence to substantiate the corrections. A recent large penalty ($2.75 million) was an example. Issues were addressed in the Risk Analysis, but there was no evidence that they were addressed. Recurring Risk Analysis reports will provide evidence to prove they were resolved.
Intersect's software tools will locate protected data files. They will search the network and create a report that specifies files that appear to have medical information, social security numbers, or other information in them that points to this data. What is valuable about this report is that most organizations believe that users save all of their data to the servers and that their protected medical information is in their EHR system. Our tool often identifies data that is PHI that they were unaware of. It is not backed up and not secure.
The tool prepares a list of users: Are they current employees? Are they no longer employed? Who has access to PHI, administrative rights, or access to financial information? This is not a "checklist" process. The entire assessment is automated, structured, and consistent. It is a true "under the skin" analysis designed to assure HIPAA compliance and help prevent expensive data breaches.
A significant number of the highly publicised healthcare breaches with large HIPAA enforcement actions during the past few years would have been avoided by the services offered by Intersect.
One example is the St. Joseph's Health System, where the $2.14 million assessed against St. Joseph's was related to a server that was accidentally publishing to the Internet. Patients could Google themselves and be able to retrieve their medical records. When announcing the penalty, the OCR stated that the penalty wasn't just for the breach itself, but related to the fact that the organization failed to conduct a new Risk Assessment when the environment changed with the addition of a new server.
The $2.75 million penalty against the University of Mississippi found that they had identified numerous problems during a risk analysis, but hadn't fixed them (or been able to document that they had). Regular recurring reports from Intersect would not only have identified the initial problem, but subsequent reports would have provided proof of actions taken to mitigate them.
These were very large fines - $2.14 and $2.75 million for issues that would have been avoided with the services proposed by Intersect. In a large number of other instances, penalties were assessed for violations involving terminated former employees, inappropriate administrative access, and other unintentional actions that could have been identified and corrected.