Request Information Form



If you would like information or have an inquiry, please fill out the form below and someone will contact you as soon as possible.

 






Enter the code shown above
Submit
* Required
XCS Services › HIPAA Compliance

XCS HIPAA Compliance Solutions

The goal of the Health Insurance Portability and Accountability Act (HIPAA) is to simplify the administrative processes of the healthcare system and to protect patients’ privacy. Information security considerations are involved throughout the guidelines and play a major role in complying with the Privacy Rule. The purpose of this rule is to protect personally identifiable information (PII) as it moves through the healthcare system. Healthcare organizations, including providers, payers and clearinghouses, must comply with the Privacy Rule.

To help healthcare organizations comply with the Privacy Rule, Security Standards have been created to help organizations protect PII. These standards encompass administrative procedures, technical security mechanisms and services, and physical safeguards. Compliance with HIPAA and the Security Standards outlined by the Act is imperative to the ongoing business operations of healthcare companies. Failure to comply may not only result in regulatory actions, such as fines, but also direct business loss from lawsuits, damage to reputation and degradation of the public’s trust.

XCS offers a full breadth of services to help healthcare organizations address the components of the Security Standards outlined by HIPAA. We have extensive experience partnering with healthcare providers and we can help you improve your security and compliance posture while reducing costs. As described below, our Managed Security Services and Professional Services align directly with many components of the HIPAA Security Standards.

 

 

HIPAA Compliance Rule and Services

Administrative Safeguards

Standard

Summary of Requirements

Solutions

A. Security Management Process

Implement policies and procedures to prevent, detect, contain and correct security violations.

Specifications include:

  • Risk analysis (1A)
  • Risk management (1B)
  • Sanction policy (1C)
  • Information system activity review (1D)


    XCS Professional Services

B. Workforce Security

Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information (EPHI) and to prevent those workforce members who do not have access from obtaining access to electronic protected health information.

Specifications include:

  • Authorization and/or supervision (3A)
  • Workforce clearance procedure (3B)
  • Termination procedures (3C)

 

 

 

     XCS Professional Services

C. Information Access Management

Implement policies and procedures for authorizing access to EPHI.

Specifications include:

  • Isolating health care clearinghouse functions (4A)
  • Access authorization (4B)
  • Access establishment and modification (4C)

 

 

XCS Professional Services

D. Security Awareness and Training

Implement a security awareness and training program for all members of its workforce including management.

Specifications include:

  • Security reminders (5A)
  • Protection from malicious software (5B)
  • Log-in monitoring (5C)
  • Password management (5D)

 

 

 

XCS Professional Services

E. Security Incident Procedures

Implement policies and procedures to address security incidents.

Specifications include:

  • Response and reporting

 

 

XCS Professional Services

F. Contingency Plan

Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence that damages systems that contain EPHI.

Specifications include:

  • Data backup plan (7A)
  • Disaster recovery plan (7B)
  • Emergency mode operation plan (7C)
  • Testing and revision procedures (7D)
  • Applications and data criticality analysis (7E)

 

 

 

XCS Professional Services

G. Evaluation

Perform a periodic technical and non-technical evaluation that establishes the extent to which an entity’s security policies and procedures meet the above administrative safeguard requirements.

 

XCS Professional Services

Physical Safeguards

Standard

Summary of Requirements

Solutions

A. Facility Access Controls

Implement policies and procedures to limit physical access to its electronic information systems while ensuring that properly authorized access is allowed.

Specifications include:

  • Contingency operations (i)
  • Facility security plan (ii)
  • Access control and validation procedures (iii)
  • Maintenance records (iv)

 

 

XCS Professional Services

 

B. Workstation Use

Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access EPHI.

 

 

XCS Professional Services

 

C. Workstation Security

Implement physical safeguards for all workstations that access EPHI, to restrict access to authorized users.

XCS Professional Services

 

D. Device and Media Controls

Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain EPHI into and out of a facility, and the movement of these items within the facility.

Specifications include:

  • Disposal (i)
  • Media re-use (ii)
  • Accountability (iii)
  • Data backup and storage (iv)

 

 

XCS Professional Services

 

Technical Safeguards

Standard

Summary of Requirements

Solutions

A. Access Control

Implement technical policies and procedures for electronic information systems that maintain EPHI to allow access only to those persons or software programs that have been granted access rights.

Specifications include:

  • Unique user ID (i)
  • Emergency access procedure (ii)
  • Automatic logoff (iii)
  • Encryption and decryption (iv)

 

 

 

XCS Professional Services

B. Audit Controls

Implement hardware, software and/or procedural mechanisms that record and examine activity in information systems that contain or use EPHI.

 

XCS Professional Services

C. Transmission Security

Implement technical security mechanisms to guard against unauthorized access to EPHI that is being transmitted over an electronic communications network.
This includes both:

  • Security measures to ensure that EPHI is not improperly modified; and
  • Mechanisms to encrypt EPHI

The appropriate control should be determined through a risk analysis to ensure that EPHI is protected in a manner commensurate with the associated risk when it is transmitted from one place to another.
With regard to unsolicited EPHI –e.g., in email from patients -- protection must subsequently be afforded once that information is in the possession of the covered entity.

 

 

XCS Professional Services

 

 

 

 

 

 

 

 

Register | Login
Copyright 2009 by Xcel Computer Solutions
Terms Of Use | Privacy Statement