The HIPAA assessment tool automates the data collection in relation to HIPAA compliance. It is the first purpose-built IT tool of its kind to combine the automated collection of network data with information gathered through observations, photographs and surveys. The forms that are needed for your supplementary data gathering requirements are directly integrated into the tool. That makes it easier to enter the data, and dramatically streamlines the otherwise laborious document-generation process. All the data you gather is crunched by our HIPAA risk assessment engine and reports are automatically generated, with all associated supporting documentation.
The software includes a built-in Site Interview questionnaire that you can print out, or type the answers directly into the HIPAA Risk Assessment Engine. Next, the On-Site Survey is for you to personally observe the environment, take photographs and check on a wide range of security policies. There’s no guesswork here – The software includes the comprehensive checklist of things to look for, and a place for you to record your answers and upload your imagines. You can do all of this while conducting the Network scan of the environment. This scan is non-invasive and can be run directly off a single memory stick, and the results of all individual scans are automatically collated back into your master report. Additionally, you’ll kick off an External Vulnerability Scan. A mountain of reports at the push of a button, saving you untold days, or even weeks, worth of production work.
It’s also the only software with a built-in HIPAA risk assessment engine that automatically generates a complete set of the official documents that comprise a comprehensive HIPAA IT assessment including:
- HIPAA Risk Analysis: A high level, non-technical summary report of all issues found within the network that pinpoint where the client is not HIPAA compliant and provides recommended remediation. The client is also given an overall baseline score of where they stand and all issues are stack-ranked based on severity and threat to the network. Example of issues are: unsupported operating systems, anti-spyware not installed, user password set to never expire, workstations with ePHI not backed up. More examples can be found in the sample reports
- HIPAA Management Plan: This report is for remediation and groups all issues found in the risk report and groups them into high, medium and low risk buckets. This helps plan a course of remediation and see which issues need to resolved as quickly as possible.
- Evidence of HIPAA Compliance: This report documents and supports the due diligence by the client/service provider to become HIPAA compliant. Should they be audited, it’s this documentation that they would provide OCR to show what has been completed to get HIPAA compliant.