The Saturn Partners, Inc. offers a complete security audit for your health care IT environment. Whether you are a small clinic or large hospital, you know there are compliance standards you must maintain for the protection of PHI.
In addition, as a health care compliance officer, IT Director, VP of Operations or Security, you are well aware of the daily threats to the privacy and security of your proprietary applications, server, firewall and wireless traffic.
We are experienced in taking the security standards below and performing an in-depth series of on-site and off-site tests, social engineering, and policy and emergency preparedness reviews in order to evaluate the overall level of security in the network environment.
Then we prepare a customized security and compliance program, working with your budget and management team, to ensure that your environment will show complete compliance with all of the applicable HIPAA standards as they apply to the security of your PHI, infrastructure and network environment.
|Security standards: General rules.|
(a) General requirements. Covered entities must do the following:
(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
(3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part.
|164.308 (a)(1)(i)(ii)(A)|
(a) A covered entity must, in accordance with § 164.306:
(1)(i) Standard: Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations.
(ii) Implementation specifications:
(A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.
|164.308(a)(1)(ii)(D)|
(D) Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.