The OCS HIPAA Security Compliance Service is designed to help covered entities and business associates of all sizes maintain HIPAA / HITECH compliance at an affordable price point. Along with our partner HIPAA Secure Now!, OCS will provide you with the expert guidance and tools needed to meet the required HIPAA Risk Assessment requirement.
This service has been developed by experts knowledgeable with the HIPAA Security Rule, computer and network security, and security training. The combination of these skills are apparent in the level of detail and knowledge that the service provides.
OCS offers a wide range of services to help meet your individual needs. Please contact us to discuss which option is the best fit for your organization.
A detailed Risk Assessment is required under the HIPAA Security Rule. It is also considered the foundation of the HIPAA Security Rule.
OCS will perform a detailed Risk Assessment that follows the methodology described in NIST Special Publication (SP) 800-30 Revision 1.
- Identify and document all ePHI repositories
- Identify and document potential threats and vulnerabilities to each repository
- Assess current security measures
- Determine the likeliness of threat occurrence
- Determine the potential impact of threat occurrence
- Determine the level of risk
- Determine additional security measures needed to lower level of risk
- Document the findings of the Risk Assessment
The output of the Risk Assessment Consists of:
- Executive Summary Report
- Detailed Risk Assessment Report
- Remediation / Work Plan
Procedures that address:
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
Each Policy and Procedure is a separate Microsoft Word document. The Policies and Procedures are customized for your organization.
In addition to the 18 Policies and Procedures, the service also includes forms and checklists that address:
- Device and Media Tracking
- Computer use guidelines
- Tracking access to server and equipment rooms
- Breach notification checklists
One of the most important steps you can take to protect ePHI and patient information is to provide security training to all of your employees. Security training is a requirement under the HIPAA Security Rule.
OCS provides in-depth training on the HIPAA Security Rule as well as advice for best practices in protecting ePHI and patient information. The training is provided in an online format which is both engaging and convenient to your staff.
Save time and expense by utilizing our staff of HIPAA professionals. They will complete your risk assessment, work plan, and customized policy and procedures. You will gain additional time savings from tracking your staff’s training progress via the online portal.