Helping you do HIPAA
no matter where you are in the process.

  • We review the required elements of the HIPAA Privacy, Security, and Breach Rules against your compliance program. Over one hundred questions are asked and evaluated to provide you a complete HIPAA compliance overview of where you stand, with suggestions on items to be addressed.

  • We review your threats to ePHI and your policies and procedures in place to protect your ePHI. A series of questions and reviews is completed to provide your Meaningful Use Risk Assessment Report. This option meets the Core measure for meaningful use but does not provide further HIPAA assessments.

  • The entire rule is reviewed as in the General Assessment above plus we perform the threat to ePHI review required for a Security Rule Risk Analysis report. All information is provided in a report that shows your risk level, operations compliance level, gaps to fill, threats to be addressed and more.

  • Everyone needs a coach to keep them on track. Kardon Compliance helps you review your compliance plan and keeps you on track with tasks by making accountability review dates.

  • ComplyAssistant is the cornerstone of our management tools. The web-based software provides project management, document management, breach and event management, and more. The extensive documentation requirements of HIPAA 2.0 are really hard to manage properly without a tool like ComplyAssistant.

  • Our assessments will ask if you have policies or procedures in place. If you need someone to review those policies and procedures with you to check for changes that could be made, we are here for that too.

  • You need to review the Physical Safeguards of each of your sites. We can visit your offices and remote locations to look for problems and confirm safeguards are in place. Our detailed report includes photos of the sites and more.

  • There have never been so many concerns for Business Associates before under HIPAA. You can be doing everything right in your compliance plan, but a failure by one of your BAs can land you in the middle of an OCR investigation and media storm without you seeing it coming. It could even come from a BA of YOUR BA. We can help you review your contracts, documentation, and BA compliance status, and build a plan to make sure they are doing their best to protect you and your patients.

A complete and thorough Risk Analysis requires a good bit of thought and documentation. The HIPAA Security Rule requires CEs and BAs to “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the organization”.

There seem to be many people who believe a Risk Analysis is a checklist of questions that you answer in a spreadsheet and you are done.  There is a good deal more to the Risk Analysis recommended for HIPAA than a simple checklist of questions.  Detailed analysis, documentation and research are required to complete the Risk Analysis as intended by the Security Rule.

Kardon Compliance performs Security Risk Analyses for practices and their Business Associates. Other services offered include:

Physical Site Review and Report – A review of all the physical safeguards plus the related administrative and technical safeguards in place. A detailed report of findings is created.
Complete HIPAA Compliance Audits – You are required to do self-audits of your compliance activity regularly. We assist in planning, performing and reporting the results.
Security Rule Implementation Coaching – A deep dive security rule coaching program. The program follows the Security Rule requirements one-by-one.
Policy and Procedure Assistance and Review – Assistance in completing all your written policies, and help identifying and making the changes and additions you need.
Implementation Assistance and Provider Coordination – Assist and review implementation of your requirements for outside services companies (BAs).
Network Vulnerability Testing and Reporting* – Part of your security audits should include a periodic scan of your network for security setting gaps or holes on your network.
Compliance Coaching Calls – It’s difficult to implement a plan with all that goes on during the day. Regularly scheduled calls will help keep you focused and on track.
Quarterly Compliance Status Reviews – HIPAA is an ongoing process. Similar to the coaching calls, this plan will review and address any issues you have with your projects.
Systems Security Management and Reporting Package* – Reviews and documents reports generated from our Systems, Anti-Virus and Patch Management agents.
HIPAA Compliant Backup Services* – Disaster Recovery and Business Continuity plans are easiest to build around HIPAA compliant offsite backup solutions.
Business Associate Audits and Due Diligence – Review operations and identify BAs. Review your BAAs for updates. Perform BA due diligence for confirmation they are making reasonable efforts to maintain their HIPAA compliance obligations thereby protecting your information and reputation properly.