| Your Challenge: | Interpret the HIPAA and HITECH Acts in a way that HHS and OCR will agree protects personal health information while qualifying for electronic health record meaningful use incentives. |
Compliance with HIPAA was slow to occur initially due to lack of enforcement. With the passing of the HITECH Act not only has enforcement for violations of both acts been strengthened and solidified, incentives have been put in place for the adoption of secure electronic health records that promote treatment efficacy and cost reduction, while protecting personal health information.
The HITRUST Alliance has provided the HITRUST Common Security Framework CSF that is healthcare specific, comprehensive, and proscriptive. Portions of the framework can be used as the basis for HIPAA and HITECH Act compliance and provide assurance that the intent of both acts is satisfied.
| The Solution: | ActiveGuard managed services; SaaS self-service assessment; and security consulting services tailored for HIPAA and HITECH compliance. |
| Assess & Measure Gaps: | HITRUST CSF assessment methodology performed by experienced, certified HITRUST CSF practitioners applied selectively to the HIPAA and HITECH Acts; prioritized and actionable recommendations; peer benchmarking. |
| Remediate & Enhance: | Experienced, certified HITRUST CSF Practitioners, security program, policy, and procedures design, services, tools, and process implementation. |
| Execute & Monitor: | HIPAA / HITECH compliant log management, log monitoring, vulnerability management, and security device management. |
| Demonstrate Compliance: | Standard and customizable reporting, secure evidence repository for all HIPAA / HITECH compliance related assessments, results, and reports; integrated ticketing with assignment, tracking, and journaling. |
Solutionary has:
- Become one of the first providers of HITRUST certified security assessments
- A staff of experienced, certified HITRUST CSF Practitioners
- Membership in HITRUST working groups
- Proven managed and consulting services to get you compliant and keep you compliant
- Certified security experts (HITRUST CSF, CISSP, CISA, CISM, GCIA, CSOA, QSA and others)
Select from any of our HIPAA / HITECH compliance services:
- ActiveGuard Log Monitoring & Log Management
- Vulnerability Management
- Security Device Management
- Onsite HITRUST CSF-based HIPAA / HITECH Assessments and Gap Analysis Services
- SecurCompass SaaS Self-Assessment Tools
| Compliance Activity | Solutionary Services / Capabilities | Regulatory Mapping |
| Assess; Measure Gaps | SecurCompass SaaS self-assessment; Security consulting services; Certified HITRUST CSF Practitioners | HIPAA (August, 1996) HITECH Act (January 6, 2009) Division A: Title XIII, Subtitle D - Privacy |
| Remediation; Enhancement | Security consulting services; Certified HITRUST CSF Practitioners; Authorized partner consulting services | HIPAA (August, 1996) HITECH Act (January 6, 2009) Division A: Title XIII, Subtitle D - Privacy |
| Execute and Monitor Security Program | ActiveGuard Log Management; ActiveGuard Log Monitoring; ActiveGuard Vulnerability Management; Authorized partner consulting services; ActiveGuard Security Device Management | All of HIPAA 10 of the 28 HITECH Covered Entity Controls |
| Demonstrate Compliance | ActiveGuard Evidence Respository ActiveGuard Security & Compliance Reporting | Solutions and services explicitly cover all 18 of the HIPAA Security Objectives with auditing and reporting requirements Solutions and services explicitly cover all 7 of the HITRUST Security Objectives with auditing and reporting requirements |
