Automated Vendor Compliance Management
A quick assessment strategy to assess the status of your BAs' compliance with regulations
As a successful Medical Practitioner, here is an effective strategy to manage your BAs' HIPAA/HITECH security and compliance status
Are you aware?
Section 13401 of subtitle D (Privacy) of the HITECH Act (42 USC 17931) states that "the additional requirements of this title that related to security and that are made applicable with respect to Covered Entities shall also be applicable to such a Business Associate and shall be incorporated into the business associate agreement between the business associate and the covered entity" [Public Law 111-5, p 260]. In addition, penalties that apply to Covered Entities also will apply to Business Associates for non-compliance with the provisions of the Security Rule.
If you are a covered entity (CE)
As per HIPAA/HITECH a Covered Entity is any of the following:
- A health care provider that conducts certain transactions in electronic form (called here a "covered health care provider")
- A health care clearinghouse
- A health plan
An entity that is one or more of these types of entities is referred to as a "covered entity". This includes Doctors, Dentists, Chiropractors, and Psychologists, Nursing care or any small practice that deals with patient health information (PHI).
Who are your BAs?
BAs include, but are not limited to:
- Offsite backup facilities
- Transcription services
- Billing services
- Remote managed services
- IT Service Provider
- Third party administrators that assist health plans with claims processing
- Pharmacy benefit managers
- CPA / attorney / law firms who have access to PHI
- Consultants that perform utilization reviews for a hospital
As a Medical Practitioner, if you are concerned about
- The best way to get fully HIPAA/HITECH compliant quickly and cost-effectively, and
- Ensuring that your BAs and their sub-contractors are indeed as HIPAA/HITECH compliant as you are,
look no further: we have an automated way to help you ensure your BAs' compliance through SecureGRC, HI-Scan, a Report on Compliance (ROC) and a Risk Report (RR). Be assured, a business associate agreement alone is not enough to get you through the compliance process.
HI-SCAN is a quick technique that lets you know the extent of your BAs' compliance with HIPAA/HITECH regulatory requirements. Through a quick, automated scan you can understand their security and compliance levels and your risk exposure.
HI-SCAN (only 20 questions) has a tremendous cascading effect. You complete the survey yourself and get your BAs to respond to the same survey. You get a quick insight into where you stand, before it is too late.
And if you slip up, the penalties could be stifling. Not a paltry $100, but as high as $50,000. Added to that, if it is proven that you were willfully negligent, the fines could be debilitating at $1.5 million.
Health care data breaches have affected nearly 11.6 million individuals out of which 6 million records were through the BAs. The average number of individuals per breach through the BA was 102,678. [Source: HHS]. How sure are you that you are not one among them?
Call up our Channel Partners who will help you with the HI-SCAN.
Some HI-Scan questions
- Have you conducted a risk assessment?
- Do you ensure that the third parties acknowledge their responsibilities for data in their possession and control?
- Have you formulated and implemented procedures to report, monitor, and track all security incidents until they are resolved?
- Have you established policies and procedures for implementing privacy-related security safeguards?
- Have you formulated and implemented operational roles and responsibilities thereof?
- And many more such simple questions, in a short set of 20 questions that give you a quick, cost-effective and rich risk assessment
What are you waiting for?
SecureGRC 11 offers
- Continuous Security and Compliance with Real-time dashboards
- Can be used for self-assessment, pre-audit and auditing purposes
- HI-SCAN - an automated tool that allows you to manage the risk associated with your BAs in an automated fashion
- Do it once - Multiple Regulation Harmonization
- Configurable citation and policy based Risk Model with real-time risk status
- Ready-to-use pre-packaged content (policies, best practices, assessment questions), with the ability to fully and quickly customize
- Completely cloud-based service with no hardware or software investments required
- Extensive Reports - Risk reports and compliance reports on demand
- Single and centralized repository for all compliance related evidence
- Integrated External BA and Vendor management
- Easy plug in if you also need PCI-DSS compliance
- Compliance activity email reminders
- Exclusive, secure customer instance of SecureGRC
- And many more...
Why SecureGRC 11 makes a difference
SecureGRC™ is a world-leading, multiple award winning, cloud-based automated IT Security and Compliance management solution for all businesses, including small and medium businesses. SecureGRC™ includes all the security and IT-GRC functions required to be compliant: an easy-to-adopt compliance management framework with ready-to-use frameworks, leading-edge context-based inference engines, advanced alert processing, and an easy-to-use logging and monitoring solution.
Dramatically reduces Total Cost of Ownership (TCO)
End-to-end automation eliminates costly manual procedures, reducing costs by up to 90%, and transforms regulatory compliance from a reactive to a proactive environment. Dependence upon expensive external "experts" creates an environment of sudden panic every time an audit is scheduled. Thorough, automated control creates a culture of calm, Continuous Compliance.
SecureGRC™ is:
- The FIRST true cloud-based Security and IT-GRC
- The ONLY 100% channel focused organization
- The ONLY multi-tenant solution
- The ONLY single scalable solution with a GUI to scale from single user to enterprise
- The ONLY product with built in best practices, policy and procedure templates (and for FREE)
- A fraction of the price of our competition
- And sold exclusively through Channel Partners
- And many more…
SecureGRC™ is:
- A simple, cost-effective, easy-to-use IT security and compliance management solution to help you understand and gain control over your enterprise-wide PCI-DSS security and compliance requirements
- Constantly kept up to date with the latest versions and revisions
- Delivered from the cloud, which means no hardware or software investments for you
- Fast to implement, with no support or backup requirements, and the assurance that your compliance solution is future-proof
- PCI-DSS support is built-in, easily extended, and automatically kept up to date.
- All data is stored in a SAS 70 Type II secure Data Centre and NO electronic records information is removed from a client site.
- Simplifies the complex and time consuming process of getting into and maintaining Security and Compliance
Just start with question number 1, then 2. It's that simple. Once you have made your first pass with inputs from multiple departments, our unique risk calculator will help prioritize the areas you need to focus on first. With our built-in "Best Practices" library, we explain how to resolve each and every open issue with common sense approaches.
Quote
Says Dr. Kellner, a licensed psychologist and trained psychoanalyst with over 10 years of experience, of Mount Kisco, NY, "I have been practicing for over 10 years and never thought I had any reason to be HIPAA compliant. After all, I have a private practice, I'm not a hospital. But I attended a webinar by eGestalt on their product called SecureGRC SB. I quickly realized that I had several areas of exposure regarding my patient's information. So I tried the SecureGRC SB program ... and it was easy to use".
"I was really surprised at the number of areas where I was exposed," says Dr. Kellner. "Using the program I quickly identified and fixed the problems. I am now requiring all of my Business Associates to use this program to help protect my practice. I know I would never get audited, that was not my concern. I just wanted to make sure I was doing the right things to protect my patient's privacy and this was an inexpensive and low risk approach." - J. Kellner, Mount Kisco, NY
Managed Compliance Providers make your compliance process easy
eGestalt Managed Compliance Providers quickly and professionally implement this automated solution and help you quickly learn to take rapid action to resolve any processes or systems that are out of compliance. SecureGRC Compliance Manager then keeps constant vigil over your systems and personnel to make sure you remain in Continuous Compliance.
A simple 5 step approach to becoming PCI compliant
A step-by-step approach for your enterprise to comply with the latest PCI-DSS … at your own pace … with help from your friendly channel partner!
1. Participate in the cloud-based self-assessment or send out a survey to all your BAs
2. You and your BAs upload compliance documents into your secure online repository
3. Run the risk and compliance report to generate an action roadmap. You have a full view of the risk status of your BAs.
4. Complete your compliance roadmap action items and work with the high-risk BAs to get them compliant using SecureGRC
5. You and your BAs achieve and prove HIPAA/HITECH compliance
Download automated Vendor compliance management brochure
Contact us: Call +1 (408) 689 2586 or email us