ACES Medical’s HIPAA Compliance Solution was designed to provide practices with the confidence and tools needed to pass an onsite HHS OCR onsite audit. ACES Medical can scale its solution to meet the specific needs of your practice and will work with your administrative and IT staff to accomplish goals. The elements of the HIPAA Complication Solution are:
- Security & Risk Analysis: ACES Medical will work with your practice to complete an initial evaluation of your practice’s IT network, system, encryption procedures, and physical security measures. Following this initial evaluation, ACES Medical will work with your team to update the analysis quarterly. By updating the analysis quarterly, your practice will be able to show its progress in mitigating risks. ACES Medical will also run a series of scripts on a random number of workstations, the firewall, domain controller, and other onsite hardware to analyze the strength of the network and to identify any holes in network security that need to be addressed.
- Quarterly Meetings: ACES Medical will meet with your practice’s administrative and IT teams quarterly to review updates to the Security & Risk Analysis as well as evaluate new risks. ACES Medical will also use this quarterly meeting time to pass along any updates to the Omnibus Security Rule.
- HIPAA Training: As part of its HIPAA Compliance Solution, ACES Medical will provide new employees with HIPAA training as well as assist in the creation of HIPAA training material and information for both staff and physicians. ACES Medical recommends completing monthly or quarterly security awareness reminders. ACES Medical also provides engaging HIPAA training videos complete with a quiz at the end that must be passed.
- User Audit Reporting: To be HIPAA compliant, is it crucial that your practice knows who is doing what when and how. ACES Medical will provide your practice with a series of audit reports on domain controller and user activity including but not limited to logon, file changes, file deleted, file creation, file access, user rights, and security options changes.