Just like a road trip, before you know how far you have to go, you have to understand where you are right now. In nearly all cases, that takes much more than a checklist of items: it takes a thorough analysis of all your processes, systems and security protocols.
At Kardon, we take pride in the fact that we leave no stone unturned and never make assumptions in our evaluation process. That way the recommendations we make are exactly what you need, not a canned offering that merely makes do. We offer a variety of assessment services, and often combine them, to meet the individual needs of each client.
Privacy, breach notification and security plans matter!
We will conduct a thorough review of your current situation and report our findings on where your HIPAA compliance program stands today, as well as a plan for how to address any gaps, where you may need a more thorough audit, and what must be done to meet requirements. Typically, this service includes:
- Security Risk Analysis
- Security Risk Assessment
- Privacy Rule Compliance Assessment
- Breach Rule Compliance Assessment
Security Risk Analysis
Where is your PHI and how is it protected?
Once you have a thorough compliance assessment, and take the necessary steps to address gaps, it isn’t always necessary to do a full assessment every year. In those cases, we can perform a scaled back version of the assessment to ensure your systems are working as they should and nothing new needs to be addressed.
Business Associate Management
Third party risk can be surprising.
HIPAA applies not only to medical practices, but to any vendor that creates, receives, maintains or transmits PHI on your behalf. As careful as you are, if one of those vendors does something that is considered a breach, you remain responsible right alongside them, including for the required notifications. Therefore, we help clients identify all potential “business associates” so you can put a valid Business Associate Agreement in place with each of them, as HIPAA requires. We can also vet them to confirm that they have an active privacy and security program that meets the same standards you do, and help them put one in place if they don’t.
Are your policies and procedures working?
So you have your policies and procedures in place, so you are all good, right? Not by a long shot. You must implement them and ensure that the activities they direct are actually happening. We can conduct an audit to confirm that all of your policies are being followed correctly and consistently, and if they are not, make recommendations for improvements so your practice meets HIPAA requirements and protects patient data as it should.
Mock OCR Audit
We test your program against the OCR audit protocol.
When you feel like you are in good shape, we can put your work to the test using the same questions that the OCR published for the second phase of their desktop audits. And don’t worry, we stay abreast of OCR testing changes, so as they make adjustments, so do we.
Physical Site Visits
How well does your physical security protect you?
Proper security goes well beyond technical controls on patient data; the HIPAA Security Rule also requires physical safeguards for your facility and the equipment inside it. The best way to confirm those safeguards are in place is to have us try to access areas that we shouldn’t. We will then provide a report on what (if any) deficiencies exist and what you can do to fix them.