Our team is driven by a passion for focusing on security...so you don't have to
We provide dependable risk assessments and policy recommendations to ensure your patients receive excellent care and your business integrity remains strong and industry compliant.
The TSG Baseline Evaluation is an excellent place to begin your HIPAA Security Rule compliance journey. Based on your survey responses, TSG will perform a comparative analysis to provide you with a Baseline Evaluation Report that will help you identify some preliminary areas of concern. While this service does not substitute for a Risk Analysis, it is an excellent compliance gauge.
The scope of our Baseline Evaluation covers important aspects of both your physical and technical safeguards, which are vital to the integrity of your company’s security compliance.
The HIPAA/HITECH Act permits civil charges to be filed on behalf of victims. Fines for HIPAA violations often reach $50,000 for each violation, with a maximum of $1.5 million per year. The lofty fines on HIPAA violators reflect the importance of maintaining and protecting ePHI, and PHI in the same respect.
Let our TSG Baseline Evaluation help you take a pro-active approach to your HIPAA Security compliance goals. Take advantage of our free preliminary evaluation and put your company on the path to HIPAA Security compliance.
Very few healthcare organizations can afford to train existing staff or hire HIPAA security experts to handle all aspects of HIPAA Security compliance; which oftentimes delays compliance efforts. TSG can help your organization bridge the compliance gap by performing a thorough HIPAA Security Compliance Evaluation.
A Security Compliance Evaluation, sometimes referred to as a Compliance Assessment, broadly covers all 18 Standards and 42 Implementation specifications that comprise the Administrative, Physical and Technical Safeguards (CFR 164.308, 310, 312) in the HIPAA Security Final Rule. Additionally, this evaluation must cover CFR 164.314 and 316 related to Organizational Requirements, Policies and Procedures and Documentation.
As indicated above, completing this HIPAA Security Compliance Evaluation is required by every Covered Entity and Business Associate. The language of the law is in 45 C.F.R. § 164.308(a) (8):
Standard: Evaluation - Perform a periodic technical and non-technical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, which establishes the extent to which an entity’s security policies and procedures meet the requirements of this subpart.
This type of assessment is a critical step and should be completed whether one is just starting a HIPAA Security Compliance program, rejuvenating an existing program or maintaining an existing program. The output of the evaluation establishes a baseline against which overall progress can be measured by responsible parties.
A TSG Security Compliance Evaluation features:
A broad evaluation of your organizations policies and procedures in relation to the HIPAA Security Final Rule
A Security Compliance Evaluation Findings Report that details shortfalls and remediation strategies
A Security Compliance Evaluation Report Card that provides metrics to aid in tracking compliance progress
Our TSG Security Experts will help your company protect what is most valuable –peace of mind in knowing confidential data is secure from unintentional or intentional security threats. It is crucial your company complies with electronic protected health information (ePHI) standards per the HIPAA Security Rule of the Administrative Provisions in Title II of HIPAA. Read more about the HIPAA Security Rule.
Threats may be defined in an information system environment as an event which causes a company’s secure infrastructure to become vulnerable due to natural disasters, environmental hazards or human error.
After a comprehensive step-by-step risk assessment is addressed and initially implemented, TSG will further provide assistance in Risk Management through annual reviews and assess further steps necessary to maintain high-level ePHI security.
The continuous process of risk management starts with identifying the current risk within your environment, often by performing an internal risk assessment, which results in defining and documenting (in the form of policies) controls to mitigate the known risk. This is followed by the implementation of documented controls, often involving new software, hardware, and procedures.
Lastly, once controls have been implemented, they must be tested and monitored on a regular basis to ensure they are operating as expected. As the environment changes, the cycle repeats to identify new risk, implement new controls, and continued testing to ensure risk levels are mitigated as expected.
Is your organization ready for a possible OCR audit? Your policies should be the foundation that your HIPAA Security Compliance Program is built upon. TSG Security Policies offer comprehensive HIPAA Security Rule coverage by addressing each standard in 45 CFR 164.308, 310, 312, 314 and 316.
We take into account results from your Security Evaluation and Risk Analysis to tailor your security policies to meet your specific needs. Comprehensive, well-written security policies will be your first line of defense in an audit, so don’t rely on canned policies that speak in generalities and vagueness.
In the initial OCR Audit Pilot Program, 65% of the findings were related to the Security Rule with 42% of the audit issues related to the Administrative Safeguards (45 CFR 164.308), 40% related to Technical Safeguards (45 CFR 164.312), and 18% related to Physical Safeguards (45 CFR 164.310).
Your company’s ePHI security will reach its fullest privacy potential through employee security awareness and training. If your workforce is unaware of its role in adhering to and enforcing security safeguards, you are at a significantly higher risk for vulnerabilities. TSG provides clear and concise instructions for access, storage, transmittal and disposal of ePHI.
Your employees will be given valuable knowledge of key points necessary to maintain a high level of security, as well as proven ways to implement what they have learned. The following are few of the areas which will be covered during training:
Password management procedures to strengthen access control and retain heightened data security.
Remote device/media protection protocols to reinforce policies that prohibit leaving devices/media in unattended personal/public areas.
Training on policies prohibiting the transfer of ePHI over open networks (including email clients) or downloading ePHI to public or remote devices.
Our training doesn’t stop at the employee level. Training is also available for management and administrative personnel. Here we explain the importance of:
Access control safeguards
Data transmission protocols
Data integrity safeguards
You have completed your assessments and have a findings report that details vulnerabilities and remediation strategies; now what? The answer is TSG Remediation Management services.
TSG will work with your organization to help you decide on the remediation strategy that best fits your organizational structure and budget. We help facilitate and track remediation efforts, giving you peace of mind that your compliance goals will become a reality.
Did you know that foreign hackers are increasingly trying to steal healthcare records? Do you wonder if your organization could withstand an assault by hackers?
TSG can give you peace of mind beyond simply meeting HIPAA Security Rule compliance by performing Comprehensive Security Testing (Penetration Testing / Pen-Testing). Pen-Testing is performed by using the very tools that hackers use to penetrate networks and computer systems. Depending on your desired scope, TSG offers comprehensive social-engineering efforts that will test your employees’ policy knowledge and security awareness as well.
Our security experts scan for potential vulnerabilities, pinpoint real-world threats, reveal business impact and prioritize remediation using commercial grade tools.
TSG was created to provide dependable review and recommendations to help your business fulfill all of the HIPAA electronic data requirements. We have nearly ninety years experience in privacy, auditing/accounting, and telecom compliance.Learn More