Compliance Is Not Security!

Does HIPAA compliance equal security?

A major component of compliance is a documented risk analysis.

Did you know that security breaches are happening much too frequently these days and fines for these breaches are exorbitant? If a breach can occur with Anthem Blue Cross, it can surely happen to anyone!

Security done right always equals compliance, but sadly the reverse is not true and is not sustainable.

The Experience to Do It Right. Orca Datacom’s Security Consultants have over 20 years’ experience with implementing required technical controls, performing risk assessments, customizing security policies and procedures, and implementing realistic security programs tailored to meet the specific needs of your business. Orca Datacom offers you the benefit of a HIPAA / PCI compliance expert on staff to advise and assist with your information security needs without having to outsource any of this work to third-party sources like many other computer consulting firms.


If you have put off dealing with HIPAA and Security Rule requirements, you may be aware that March 1, 2015 was the HHS deadline for reporting HIPAA compliance breaches. According to the CDA, “Secure electronic transmission of protected health information is one of the many requirements of the HIPAA Security Rule. A major component of compliance is a documented risk analysis.”


Orca Datacom will take you through the following steps to compliance so you can rest knowing your practice has exercised due diligence* to protect your data and your patients:
Step 1: Perform a comprehensive risk assessment of administrative, physical and technical controls.
Step 2: Create and Implement a custom Security Program, including Security Procedures.
Step 3: Implement a Security Awareness training program.
Step 4: Document and Implement Technical Controls.
Step 5: Implement a Vulnerability Management Program.

*The Breach Notification Rule on the HHS website states: “Covered entities and business associates, as applicable, have the burden of demonstrating that all required notifications have been provided or that a use or disclosure of unsecured protected health information did not constitute a breach.”
Be proactive and safeguard your data and your practice today.
