HIPAA ASSESSMENT
I. INTRODUCTION
This proposal provides for consulting services and software to
support Said Name Company's work to comply with the legislation
developed as part of HR 3103, the Health Insurance Portability
and Accountability Act of 1996 (HIPAA). This assistance is to
be provided by a team of qualified consultants from Securesoft
Systems, Inc. (SSI), who will specifically address the Administrative
Simplification Legislation components of HIPAA as they relate
to Security and Privacy. The objectives are to provide a detailed
assessment of the current environment, to identify the gaps between
the current state and the HIPAA Security and Privacy standards,
and to provide recommendations. These recommendations will position
Yuma Regional Medical Center to achieve HIPAA compliance within
the required federal timeframes and to meet YRMC strategic objectives
as well.
II. HIPAA BACKGROUND
Healthcare is faced with the requirement to satisfy H.R. 3103,
the Health Insurance Portability and Accountability Act of 1996
(HIPAA). All health plans, healthcare providers and clearinghouses
are required to comply. Likewise, because of business partner
relationships, other healthcare businesses must also comply. Each
organization must identify all areas of non-compliance and take
corrective action in each identifiable area to achieve compliance.
The HIPAA legislation states that compliance must be met. The
timeframe to meet compliance is short and it is recommended that
YRMC begin to aggressively address these HIPAA requirements within
the timeframes identified in these regulations.
The Inadequate Approach
In a typical scenario, systems are scanned for vulnerabilities
and penetration tests are conducted, both discovering that
there are weaknesses. Before vulnerabilities can be corrected
another computer is added to the system that is NOT secure
or another new vulnerability is announced that has not yet
been recognized, let alone scheduled for correction. None
of this activity is accountable or recorded in a relational
database. There are no records of security management maintained
that are retrievable or that provide line system reports
on the status of security or insecurity.
Need for a Single Solution
While there are many individual security software "solutions"
that attempt to solve one or more of these problems, currently
there is no single "solution" capable of doing
so. In fact, the current stand-alone "solutions"
often amplify the problem and in some cases present a false
sense of security that the problem is solved when in reality
it is not. For the most part, the present generation of
security software applications works more toward highlighting
problems rather than fixing them.
Discover and Correct Vulnerabilities (immunize)
The present security emphasis has been to DISCOVER vulnerabilities.
Immunity works on a SEARCH & DESTROY basis to find vulnerabilities
quickly and fix them. HealthSecure and Immunity
represent an accountable, retrievable database that effectively
solves these problems by integrating system security into
the IT mainstream and directing the use of integrated solutions.
To our knowledge, HealthSecure and Immunity
are the only products on the market today that provide a truly
comprehensive approach to managing network security and protecting
information systems enterprise-wide.