1

HIPAA Entity Identification

For any healthcare organization to have complete HIPAA compliance, the company must have physical, network, and process security barriers. HIPAA-covered entities include:

• Business partners
• Operation
• Payment
• Subcontractors
• Treatment

2

Preliminary Risk Identification

Our professional team of experts will perform an in-depth analysis to receive a high-level assessment of all the risks and vulnerabilities. This primary check allows us to determine our steps for further investigation to make sure your website is well within the HIPAA-compliant boundaries.

3

PHI Inventory

Protected Health Information (PHI) can include any kind of record related to an individual patient’s health. To fall under PHI, the following criteria must be met:

• The patient is identifiable through the data that is stored.
• The patient data is only disclosed to a covered entity during the care of the patient

With a complete PHI inventory check, we can take into account all the PHI that is currently in your system, along with their integrity.

4

NPP

Notice of Privacy Practices (NPP) establishes that all practices taking place in the organization need to clarify their privacy policies to all patients and potential clients. We work with your organization to implement NPP to full disclosure of the uses of PHI to all patients. We also work on defining the right of a patient to access and amend their medical information.

5

Security Risk Assessment

In the case of a security risk assessment, our team always prioritizes procedures that work as a perfect balance between cost-effective and optimal. Even when working with a cost-effective solution, our assessments are always thorough, and we leave no stone unturned to figure out every possible security loophole to reduce risk. There is also a breach notification rule which enforces that all patients must be notified in the event of any data leak that may occur within the organization.

6

Security Review

Once the risk assessment for HIPAA security is done, we do a complete review of the entire risk assessment report to identify points where the system can be improved.

7

Security Test Design

Once the risk assessment is complete, we move on to designing a new security infrastructure if needed. The new design is then scrutinized by developers, who follow a strict checklist to ensure that every aspect of the new security system has been covered.

8

Vulnerability Analysis

After designing the new security system, we perform vulnerability tests (e.g. penetration testing) from both the inside and outside perspectives to determine the overall strength of the new security system.

9

Remedy Recommendations

Once the test is done and one or more vulnerabilities have been identified, we’ll create a detailed document that will describe and justify all the possible remedies for each existing security gap.

10

Security And Vulnerability Management Planning

Based on the previous assessments and reports, our security specialists will develop and provide a security and vulnerability management plan which will help your organization stay compliant with HIPAA regulations.

11

Documentation Templates

We at TechForing believe in complete transparency. To ensure there’s no communication gap between both parties, we’ll provide you with detailed documentation about all our required policies and procedures for you to develop a deep understanding of current HIPAA policies. To help you further with continued compliance, we will also provide you with templates for all HIPAA-related documentation.