Too often, little or no time and effort is put into HIPAA compliance until after a breach has occurred. But given the potential for fines, penalties, and reputational harm associated with a breach, HIPAA compliance is more important than ever.
TMLT staff frequently visit physician practices to conduct HIPAA and cyber security risk assessments. And during these assessments, we continue to see practices failing at the basics:
- Not performing regular risk assessments
- Not identifying all areas where ePHI is stored
- Not having a risk management plan to address the risks identified when a risk assessment is done
- Not having written policies and procedures
- Not having workforce training
- Not keeping current with technology to address cyber threats
To help practices improve in this area, TMLT now offers the following options for fee-for-service risk assessments:
- HIPAA Solution
- HIPAA Mock Audit
- Comprehensive Risk Assessment
HIPAA Solution
TMLT staff certified in Healthcare Privacy Compliance will survey your office and interview key employees using questions from the ONC/OCR Security Risk Assessment and NIST 800-66.
This risk assessment includes an annual subscription to a web-based assessment and risk management software designed to show your progress as you work on issues identified.
You may choose to have the assessment done remotely or on site. The assessment typically takes one day, depending on the size of the practice.
The results will be reported in an electronic format that includes a HIPAA Compliance DashBoard and a Risk Register and Remediation List. HIPAA policies and procedures and training are also available.
HIPAA Mock Audit
TMLT staff certified in Healthcare Privacy Compliance will interview your key employees using all the questions from the OCR Audit Protocol. The protocol has 180 interview topics with questions in each topic.
The Mock Audit also includes an in-depth review of written policies and procedures and documentation. The audit typically takes two days, depending on the size of the practice.
Results will be delivered in PDF or Word format.
Comprehensive Risk Assessment
TMLT staff certified in Healthcare Privacy Compliance and our partner network engineers will visit your organization to determine your risk for breaches related to medical privacy and data, and to identify any vulnerabilities. We will also conduct a phishing campaign.
This assessment is designed to help you comply with HIPAA, HITECH, and Texas medical privacy and security laws. Our team can also provide you with resources, staff training, and IT support to help you address these risks. The Comprehensive Risk Assessment takes a minimum of two days.
Results will be delivered in a summary report with detailed vulnerability reports.
To learn more about our risk assessments, please contact TMLT’s Product Development and Consulting Services Department. We can develop a customized Risk Assessment and Plan for your practice. Email us at ConsultingWebmail@tmlt.org.