MODULES
Risk Assessment
Every HIPAA Security assessment should begin with a risk assessment, which is a series of questions dealing with administrative, procedural, technical, and physical security. While the HIPAA Security gap analysis also deals with these aspects of security, risk assessment goes into more detail and then follows with a self-administered rating of each risk based on business impact, likelihood of occurrence, and severity of risk. This process not only should identify, and if possible quantify, each risk, but also should compare the risks such that the most severe cases are identified and can be addressed with an appropriate level of resources.
HIPAA Navigator uses the method proposed by NIST and described in NIST Special Publication SP800-16.
Data and Application Criticality Analysis
Each organization subject to HIPAA Security requirements will have data and software applications which are critical to the business, and other data and applications which are less critical. The data and application criticality analysis identifies these critical data and applications, and the systems on which they reside. The results of the analysis are then used in generating the organization's contingency, disaster recovery, emergency mode operation, and data backup plans.
Policies and Procedures
Each organization subject to HIPAA Security requirements must have policies and procedures in place governing the confidentiality, integrity and availability of protected health information (PHI). These policies and procedures govern access, storage, transmittal, backup, retrieval, and other aspects of electronically stored PHI.
The model policies and procedures in HIPAA Navigator-S and the Security Manual are based on the NIST Handbook, the ISO 17799 standard, and other NIST publications.
Contingency Planning
Each organization subject to HIPAA Security requirements must meet the three requirements of HIPAA Contingency Planning:
Disaster Recovery Plan
The disaster recovery plan identifies the policies, procedures, resources, and people responsible for the response to a disaster, recovery of systems, and restoration of normal operations.
The model disaster recovery plan in HIPAA Navigator-S is based on NIST recovery planning guidelines and several best practice disaster recovery plan templates.
Emergency Mode Operation Plan
The emergency mode operation plan identifies the policies, procedures, resources, and people responsible for the ability of the organization to function in an emergency situation.
The model emergency mode operation plan in HIPAA Navigator-S is based on NIST and ISO guidelines.
Data Backup Plan
The data backup plan identifies the policies, procedures, resources, systems, and critical data and applications which will enable the organization to safely back up and restore data and systems critical to the organization's operation.
VERSIONS
HIPAA Navigator-S comes in several versions designed to reflect the needs of end users.
For healthcare providers
Healthcare providers have compliance requirements which differ from those of health plans, leading to different policies and procedures. HIPAA Navigator-S helps healthcare providers of all sizes assess their compliance, develop an implementation plan, customize policies and procedures, and train their staff.
For health plans
Health plans have compliance requirements which differ from those of healthcare providers, leading to different policies and procedures. HIPAA Navigator-S helps health plans of all sizes assess their compliance, develop an implementation plan, customize policies and procedures, and train their staff.
| Price | |
|---|---|
| For providers | $499 |
| For health plans | $4999 |