The post HIPAA Audit: OCR Is On The Move appeared first on Aegify.

Read Whitepaper

The post Keep your Healthcare business Secure and Healthy! appeared first on Aegify.

Barbara is the office manager for a Grand Rapids, Michigan family practice with four staffers and 1800 patients. The practitioner has been providing healthcare services to patients for 24 years. While attending her monthly association meeting of regional physician office managers, Barbara met local services provider Joe Dylewski, president of ATMP Solutions, a provider of healthcare IT technology for more than 20 years. (http://www.atmpgroup.com) Her challenge posed to Joe? To help her find an online risk assessment solution she could use without any previous IT experience or formal computer education. Her goal was to meet and sustain compliance with HIPAA and HITECH regulations, to fulfill a few core requirements of “Meaningful use” statues, and to facilitate patient care reimbursements from insurers. Several years ago the office had transitioned its patient records to an EHR system to automate day-to-day processes, thus helping to reduce administration costs.

A Solution for Compliance with HIPAA/HITECH

After conducting an evaluation of her office environment, ATMP Solutions recommended that Barbara implement Aegify RSC Suite, a cloud-based, SaaS-delivered application developed by Aegify Inc., of Santa Clara, Calif. The application helps meet HIPAA and HITECH privacy and security rules at dramatically less cost and complexity than standard approaches. “Aegify RSC Suite is probably the only tool on the market built from the ground up to Page | 4 service small medical practices,” said ATMP’s Joe Dylewski. “It also had the incomparable value of not requiring its users to have deep domain knowledge with the intricacies of HIPAA laws.”

Results of using Aegify RSC Suite

Said Barbara, “A major attraction of Aegify RSC Suite is its ability to collect and store all HIPAA-related provisions and related documents online into a single repository, making it a hands-on tool and thereby easier to use and access. The system is understandable given our level of tech expertise.” Having Aegify RSC Suite automate the risk assessment process by providing a comprehensive list of questionnaires gave the office its clearest picture yet of its current state of compliance, highlighting specific non-compliant areas, such as backup and recovery, that needed immediate addressing before the office could take comfort in knowing they were 100% HIPAA compliant.

Conclusion: Quick Deployment of Aegify RSC Suite

The deployment went as planned. “There was no need to schedule 40 hours to walk through the system,” said Barbara. “It only took 3-4 weeks to complete the entire process and determine our level of compliance.” “Being an ACO (accountable care organization), it was important for our practice to fall in-line with prevailing compliance standards, to not cause a bottleneck with other doctors’ offices or business associates, and most of all, to not find ourselves in any hot water with regulators. I know this [Aegify RSC Suite] is going to be useful. We’re already seeing other groups within our association take interest. They too want to get involved with ATMP and Aegify’s compliance solution.” “Another added plus about this application is the positive impact it has had with expediting our reimbursements, which is always good for business.”

The post Finding ‘Meaningful Use’ in a simple HIPAA Solution appeared first on Aegify.

About PolicyMedical

PolicyMedical, based in Richmond Hill, Ontario, produces document management solutions for healthcare providers. PolicyMedical takes an active role in shaping the field of governance, risk management, and compliance, through its advanced solutions in document management.

Its flagship software, PolicyManager, offers a policy management solution for healthcare. It has been supporting the policy & procedure management, risk & compliance, and accreditation efforts of healthcare providers for over a decade. Currently, over 1500 healthcare facilities are using PolicyMedical‘s web-based solution to handle their policy management.

About Aegify Inc

Aegify Inc. is a world-leading provider of Cloud-based software-as-a-service (SaaS) solutions for business security monitoring, risk and compliance management. The company’s flagship product Aegify is the world‘s-first, software only solution that disrupts the way businesses deal with security, compliance and risk management using an easy-to-use, cost-effective, subscription-based, cloud-SaaS solution. Headquartered in Santa Clara, Calif., Aegify has offices in the United States, Asia-Pacific, Middle East, and India. The company has received numerous industry awards, including the five-star highest rating based on   features, performance, documentation, support, and overall rating from SC Magazine.

Media Contacts

    Alex Jamieson
    Director of Media and Marketing
    policymedical.com | 647-494-9045
    Anupam Sahai, Co-Founder and CEO, Aegify Inc.
    Anupam.Sahai@Aegify.com
    1-408-219-1004

The post Aegify and PolicyMedical Announce New BA Manager Solution to streamline and improve Business Associate and Vendor compliance management appeared first on Aegify.

There was large number of information security breaches since 2009 ranging from thefts of hard drives (BlueCross Blueshield of Tennessee), laptop (AvMed), and backup tapes (New York City Health &Hospitals Corp.) resulting in compromising sensitive medical and health information of millions of people. Even as the full and final version of the HITECH breach notification rule is expected to be released later this year as part of an ‘omnibus’ package that would include several rules, the current version requires that organizations should conduct risk assessment to determine any incident that could be a potential threat and if it does cause harm, the eventual breach must be reported.

So is it really that difficult for healthcare organizations to take the right action as far mitigating such information risks are concerned? Actually no! It is not difficult if a prudent medical practitioner or healthcare enterprise owner ensures that healthcare compliance measures are in place by adopting the appropriate HITECH compliance solution. All that a healthcare organization needs to do is to enforce such a security policy that can restrict any unauthorized access. SecureGRC, an automated compliance solution from eGestalt, can help healthcare organizations deal with their compliance woes comprehensively. The solution is so designed that it can identify, remediate and maintain HIPAA and HITECH compliance for all healthcare organizations that handle Patient Health Information.

SecureGRC is equipped to help healthcare organizations achieve and maintain compliance to regulations set forth in both HIPAA and HITECH acts. Additionally, since the solution can be delivered via Cloud, not requiring any custom hardware investments, the compliance solution is actually future-proof! The solution not only automates the audit process but also provides concrete evidence of what risks need to be addressed and also how it should be addressed. eGestalt makes it easy to stay clear of Health information breaches with its fully optimized solution that addresses all healthcare compliance issues.

The post Staying Clear of Health Information Breaches appeared first on Aegify.

It has been found that 92% of the breaches occur through external sources. These sources use sophisticated hacking methodologies and different types of malware to gain access to the vulnerable IT systems. Currently the criminals are targeting the payment systems, as the U.S. Secret Service has clamped down all malware activities with a strict vigil on hosting services. It has also been seen that the small business organizations and medical practitioners fall easy prey to these heinous crimes as they do not have a reliable infrastructure and proactive policies to ward off these intrusive acts.

As per the HITECH Act any incident that poses a security risk to the personal health information of 500 people or more have to be reported. Penalties in the form of expensive fines are imposed on those found guilty of violating the HITECH Compliance regulations. Thus every medical and healthcare organization has to ensure the establishment of a regularized and compact security policy throughout the entire operation leaving no opportunities for any unauthorized access.

The best way to deal with all issues related to security, compliance and risk is to invest in the automated SecureGRC SB compliance solution that has all the capabilities to deliver compelling performances and create an invincible force against any malicious attacks. These solutions are cloud based services that constantly track and monitor all activities and provide real-time information instantly. With the help of the compliance management software solution the organizations are made aware of the new and revised regulations and the security policies of the organizations are updated immediately and automatically.

Often healthcare organizations suffer losses due to employees’ negligence or due to inadequate information and training. The automated compliance solution provides a respite to the organizations by providing intelligent analytical assessments and reporting facilities that help to keep track of the compliance status. A strict authentication process is deployed that thwarts all damaging attempts. With the services offered on the cloud, any mid-sized or a small organization can easily afford this solution to use it as a remedy for reviving their declining operations. Now with a trustworthy and inexpensive healthcare compliance tool within easy reach, there is no excuse for falling into a trap and losing one’s hard-earned reputation.

The post An Authoritative Compliance Security for an Unwavering Presence appeared first on Aegify.

Breach reporting has become an intrinsic and important element of the HITECH Compliance regulations. All data breaches crossing over 500, are required to be reported to the HHS within 60 days, while data breaches under 500 can be submitted annually. These breaches although not published by the HHS, they are compiled and sent to congressional committees as per the HITECH stipulations. With data breaches resulting in not just penalties but also the erosion of precious reputation and image of different health care providers, it is time that health care providers take efficient compliance measures to abide as per HIPAA and HITECH regulations effectively.

The idea is to work smartly and bring about complete visibility with an effective and economical security solution as far as safeguarding of security of patient’s health information is concerned. Most small health care practitioners worry about the investment aspect involved in installing compliance solutions, but here is eGestalt’s SecureGRC SB, which is an ideal solution especially for small medical practices. A one-stop solution, it allows health care providers to abide as per the compliance regulations of HIPAA/HITECH.

A web-based solution, SecureGRC SB offers a unique approach to tackle security and data breach issues. Owing to its ability to deliver services on the cloud, it can capture information and keep you updated constantly in case of any changes in regulatory policies. SecureGRC SB is an economical, easy to use web based solution that can help small medical practitioners be HIPAA Compliant. It is high time that small healthcare practices opt for a suitable compliance healthcare solution to tackle data breaches intelligently and make data breaches a thing of the past.

The post Time to Make Data Breaches a Thing of the Past appeared first on Aegify.

It does not matter whether the cause of the damage is intentional or accidental. But the repercussions can definitely matter a lot to any healthcare organization. It is difficult to recover from the penalties and is an uphill task to rebuild the years of reputation that can get washed away instantly with just one unfortunate accident. The SecureGRC SB is an ideal solution that helps all medical organizations to stay compliant not only with HIPAA/ HITECH requirements but also with other compliance regulations such as PCI Compliance, SOX and ISO 27002. The unique approach to settle all security issues and tackle all data breach possibilities is laudable. This is a web-based solution that delivers services on the cloud. It deploys a monitoring system that constantly monitors and captures real-time information and keeps providing regular status through the front dashboard.

This solution does not entail the purchase of any new infrastructure and thus saves organizations from the worry of investing in new hardware. SecureGRC SB provides optimum healthcare compliance assistance as it is affordable, and due to its automatic updating capabilities organizations can modify their existing practices according to the revised regulations. It also facilitates tracking and monitoring the activities of business associates by providing the best HITECH Compliance management solutions. Though negligence and callousness are unforgivable as far as a patient’s confidentiality is concerned the automated SecureGRC SB can help eliminate the possibility of such occurrences and provide safer and secure medical grounds for patients and providers.

The post Cignet Pays A Heavy Price for HIPAA Violation! appeared first on Aegify.

As per a recent study conducted by Redspin – the leading service provider of HIPAA risk analysis and IT security Compliance, between August 2009 and December 2010 6 million people have been affected due to security breaches. The number accounts for only those security breaches reported to the Department of Health and Human Services, which means that the actual number may have exceeded 6 million.

It is an alarming fact that despite efforts to tighten security measures, medical organizations especially the small practices are constantly a soft target for various kinds of illegitimate activities. And this is not just because of hackers who use sophisticated technology to disarm the security system, but also due to loss and theft of mobile devices which have become predominantly a regular practice.

The freedom to use USBs, cell phones, laptops etc to keep pace with the competitive world has made the employees and organizations overlook the discreet use of such confidential data and its dire consequences. Business Associates have been identified as another vulnerable link resulting in security breaches.

The small medical practices are consistently faltering in being compliant with the HIPAA/HITECH regulations as they are incapable of stretching their budgets to employ new infrastructure and deploy solutions to curb all malpractices.

SecureGRC SB is a one-stop solution for all security and risk assessment needs without any additional costs for a new infrastructure. This service is provided on the cloud which therefore fulfills all HIPAA / HITECH compliance requirements pertaining to small business. Small businesses are provided with complete control to gauge the requirements for HIPAA and HITECH through a simple self assessment menu.

The SecureGRC SB contains a central repository for all documentation purposes pertaining to HIPAA. It sends reminders to ensure compliance regulations are maintained. It follows an automatic updating schedule as per the latest and revised regulations. It provides reports regarding the compliance status for auditing. The solution ensures maintenance of a track record of the business associates and provides plug-ins in case of any PCI-DSS compliance requirement.

Small businesses can neither afford expensive solutions nor penalties for non-compliance. They need to adopt an astute approach towards IT healthcare compliance to achieve high scores. SecureGRC SB is the perfect solution – an affordable, precise and simplified option with guaranteed results.

The post Safe and Secure Compliance Practices For Small Business appeared first on Aegify.

The billions of dollars worth of incentives set aside for hospitals and physicians for implementing secure Electronic Medical Recordkeeping (EMR) have spurred security initiatives in the healthcare industry. Many healthcare entities are now ramping up their security measures in governance risk assessment, encryption and email security, data loss prevention, and providing formal security training to employees.

To qualify for these incentives however, healthcare organizations must use an EMR system that has been certified to include specific functions comprising a strong set of security features. Hence, issues including threat mitigation, risk analysis, and compliance with HIPAA and HITECH Acts have now come to the forefront. However, a significant challenge stems from the fact that most medical practitioners are unfamiliar with encryption and user authentication technology, and the idea of conducting a risk assessment is foreign to them.

Sole practitioners and small HIPAA healthcare entities especially face issues in achieving and maintaining compliance with HIPAA and HITECH Acts. With HITECH redefining the responsibilities of Business Associates, creating stricter notification standards, tightening enforcement, and raising penalties for non-compliance, small healthcare entities are in need of a solution that can manage these elements efficiently and in a cost-effective manner.

Moreover, with the HITECH Act promoting and offering incentives for the adoption of secure EMR, small medical practitioners face a growing dilemma since adopting an EMR system not only means government incentives, but also greater security risks and bigger penalties for non-compliance.  This is where eGestalt’s SecureGRC SB comes in handy.

SecureGRC SB: Simplified HIPAA/HITECH Compliance Solution for Small Medical Practices

A unified security monitoring and compliance management solution delivered on the cloud, SecureGRC SB is the first of its kind. It offers an inexpensive, easy-to-use, automated system of compliance, specially designed for small medical practices, and their Business Associates to identify, remediate and maintain their HIPAA and HITECH compliance.

With built-in HIPAA/HITECH support, SecureGRC SB efficiently addresses all HIPAA/HITECH requirements, and also helps manage Business Associates with a simple wizard-driven automation tool. SecureGRC SB can be easily extended and automatically kept up-to-date with latest versions and revisions of these Acts.

The post EHR Incentives: A Catalyst for IT Security appeared first on Aegify.