PCI-DSS Compliance must be met by ANY business that processes, transmits, or stores card holder information.

GLBA Compliance must be met by ANY business that processes, transmits, or stores personal identifiable financial information.

HIPAA Compliance must be met by ANY business that processes, transmits, or stores personal identifiable health information.

Although many Practice Management Systems advertise HIPAA compliance, ONLY their application or software is compliant unto itself!  The computer that houses the software and data as well as the network that supports it and the means by which you access it is NOT COMPLIANT! 

Our security concepts are designed to ensure the confidentiality, integrity, and availability of your electronic protected health information (ePHI).  We are here to ensure that ePHI information is accessed by ONLY those individuals who are allowed to access it; To ensure ePHI information is NOT intentionally or accidentally altered or destroyed; and to ensure ePHI information is accessible at ALL times possible.

HIPAA Security Quick Facts...

Fact #1: Regularly evaluate security risks to ePHI and either eliminate, mitigate, or transfer those risks.

Fact #2: Levy appropriate sanctions against to those who do not to comply with policies and procedures.

Fact #3: Regularly review security related activity logs.

Fact #4: Assign a Security Officer in writing.

Fact #5: Determine appropriate access to ePHI for all workforce members. 

Fact #6: Create appropriate employee termination procedures.

Fact #7: Create appropriate procedures for managing Information Systems.

Fact #8: Train employees in basic computer security and specific policies.

Fact #9: Establish and test security incident response procedures.

Fact #10: Backup and test ePHI on a regular basis.

Fact #11: Establish and test computer related disaster recovery procedures.

Fact #12: Evaluate effectiveness of policies, procedures, and technology.

Fact #13: Add appropriate security related language to ALL Business Associate Agreements.

Fact #14: Establish a facility safety plan.

Fact #15: Restrict facility access when necessary.

Fact #16: Maintain written work orders for security related repairs.

Fact #17: Establish workstation usage policies and procedures.

Fact #18: Ensure workstations, printers, displays, etc. are physically secure.

Fact #19: Ensure computer media are properly secured.

Fact #20: Ensure users have unique user IDs and passwords whenever possible.

Fact #21: Enable password-protected screensavers.

Fact #22: Gather technical audit data.

Fact #23: Secure data transmitted over the internet.

Fact #24: Update and review all security related policies and procedures regularly.

Let not your heart be troubled!  Our organization focuses on your Information Security and Compliance, Productivity and Performance, and Disaster Recovery and Business Continuity so you can focus on what you do best!  If you would like to learn more, please visit our Managed Services web page, or email/call us to set up your FREE consultation.

Resources...

JCAHO Resources

GLBA Resources

PCI-DSS FAQ

Payment Card Industry (PCI) Data Security Standard

PA Breach Law (SB-712)

 

HIPAA Resources

• HIPAA Security In-A-Nutshell

• HIPAA Security: Final Rule

• HIPAA Penalties

• HIPAA Self-Assessment

Dental Practice Management Software

Medical Practice Management Software