Protect Your Medical Practice
with a HIPAA Audit
HIPAA Security Risk Assessment
We are an authorized HIPAA Assessment IT company proudly serving UCF, Fl
Meet your compliance requirements and improve your security position.
Information Security Risk Assessment
Done right, on time, on Budget, By Certified Analysts
HIPAA security risk assessments should be conducted by unbiased professionals to ensure your organization is protected.
An IT security risk assessment can be a daunting task. Meaningful use and HIPAA require you to conduct a Risk Analysis per CFR 164.308 (a)(1)(ii)(A). But if not conducted by an information security professional, your organization can still be exposed to threats against your patients’ information. And how do you know what to do after the assessment? Data Cube Systems uses an unbiased, quantifiable assessment process that can be easily repeated each quarter. We can help with any remediation efforts including policy and procedure creation, employee training, and more.
What we do
Why use Data Cube's Managed HIPAA Auditing Assessment Service for your UCF medical practice?
Protect your UCF medical practice BEFORE you have an incident and use our HIPAA security audit to make your practice compliant.
What's Included with your HIPAA Security Assessment?
Policy & Procedures describe the best practices to comply with the requirements of the HIPAA Security Rule. The policies spell out what your organization does. The procedures detail how you do it referencing HIPAA code sections.
The On-site Survey is an extensive list of questions about physical and technical security that cannot be gathered automatically. The survey ranges from how facility doors are locked to firewall information, and whether servers are on-site, in a data center, or in the Cloud and more.
The HIPAA security framework mandates a risk assessment as a primary document requirement of the Administrative Safeguards. In fact, a Risk Analysis is the foundation for the entire security program.
Whether performed monthly or quarterly, the Risk Profile updates the Risk Analysis and documents progress in addressing previously identified risks, and finds new ones that pop-up.
The Management Plan prioritizes issues resolution based upon risk score with tasks required to minimize, avoid, or respond to risks. The Risk Management plan defines the strategies and tactics the organization uses to address its risks.
Crucial Evidence of Compliance includes log-in files, patch analysis, user & computer information, and other source material to support your compliance activities. The details included in this report are necessary to satisfy an auditor or investigator.
Detailed reports show security holes and warnings, informational items including CVSS scores as scanned from outside the target network.
Use the HIPAA PowerPoint presentation to clearly deliver your findings. Summary information with risk and issue score are presented and include specific recommendations and next steps.
Encryption is so effective at protecting data that if an encrypted device is lost, it does not have to be reported as a data breach. The Disk Encryption Report identifies each drive and volume across the network, whether it is fixed or removable, and if Encryption is active.
This report is useful to identify local data files that may not be protected. Based on this information, the risk of a breach could be avoided if the data was moved to a more secure location, or mitigated by encrypting the device to protect the data and avoid a data breach investigation.
The User Identification Worksheet takes the list of users gathered by the Data Collector and lets you identify whether they are an employee or vendor. Users who are terminated, should have their access terminated. Also, identify generic logins, such as Nurse@ or Billing@ which are not permitted by HIPAA.
The Computer Identification Worksheet takes the list of computers gathered by the Data Collector and lets you identify those that store or access ePHI. This is an effective tool in developing data management strategies including secure storage and encryption.
The Network Share Identification Worksheet takes the list of network shares gathered by the Data Collector and lets you identify those that store or access ePHI. This is an effective tool in developing data management strategies including secure storage and encryption.
A set of additional documents provides detailed information and the raw data that backs up the Evidence of Compliance. These includes the various interviews and worksheets, as well as detailed data collections on shares and login analysis.
We Will Guide You Through the HIPAA Process
In addition to a HIPAA risk assessment, you also need to produce and maintain a number of important documents that demonstrate compliance. We offer a once a quarter HIPAA Assessment.
This will provide a Risk Score Matrix helping you to prioritize the work that should be done based upon potential impact to the business and likelihood of occurrence.
This assessment will include our review of your network and office environments, creation of a HIPAA Risk Analysis based on results of the review, a HIPAA Management Plan to resolve the issues, and a HIPAA Policy and Procedures document.
Assuming you handle any necessary remediation resulting from the analysis, we can also provide the Evidence of Compliance document that is needed in the event of a breach or audit.
It's Easy as 1, 2, 3
Call Now to Take Your Protection to the Next Level
Technology Solutions For Business.
Data Cube Systems helps businesses in UCF with IT technology strategy and support solutions. Successful, thriving businesses require a clear and predictable technology strategy to manage business technology systems. Data Cube is the clear choice for business leaders looking for a technology partner that will help them make critical technology decisions to ensure their business success