A 3rd Party Service Aligned with your HIPAA Business Associate

Patagonia Health has partnered with EHR 2.0, a HIPAA consulting and compliance services company that assists healthcare organizations and business associates in the development, design, and implementation of practices to secure IT systems and comply with HIPAA/HITECH privacy, security, breach and enforcement rules by protecting patient health information (PHI).

Conducting a Security Risk Assessment

  • Define the scope: Identify electronic Protected Health Information (PHI) systems
  • Review physical assets: EHR, desktops, mobile devices, network, cloud and wireless security risk areas
  • Best practice recommendations for all technology assets
  • Risk management plan
  • External network and web application vulnerability scan
  • Security risk analysis report and summary
  • Security and Privacy awareness training for staff
  • Customized policies and procedures
  • Updates are required annually

What to Expect

  • Client needs to assign a HIPAA Officer – point of contact
  • Provide IT support for network device and architecture review
  • Department heads will need to review and set policies if required
  • Management will need to review final report
  • 10-15 minutes of staff time is required to complete the assessment
  • The process will take 2-3 weeks to complete, depending on the size of the facility
  • The assessment will require approximately 3 days of on-site review and inspection of physical elements. All other work is done remotely

Key Benefits

  • Maintain compliance with HIPAA Security and Privacy rules
  • Meet mandated attestation requirements
  • Quarterly compliance maintenance program and security reminders for staff
  • Prepares your facility for a random audit
  • Audit support guaranteed

Blog: 4 Reasons Not Conducting a Security Risk Assessment Can Cost You Money

A Security Risk Assessment (SRA) is an analysis of your healthcare organization or associated business for any potential threats or issues in handling protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). It is also mandatory for all Covered Entities under the HIPAA Security Rule and needs to be performed annually. …

For more information about Security Risk Assessments, or to obtain a price quote, please contact EHR 2.0