Program Components
CompliancePoint’s HIPAA / HITECH Assessment assists management in establishing and meeting requirements for state and federal agencies by assessing the general and application control requirements throughout internal and business associates’ various business functions. We provide a detailed corrective action plan and recommendations to protect against both internal and external threats. 

Our process includes the following steps:  
 

  • Identify PHI within the Organization - CompliancePoint’s PIIFinder scans valuable file shares and databases for a variety of Personally Identifiable Information. This process is an essential component of HIPAA, Privacy, PCI, and other regulatory compliance.
  • Determine Scope - Analyze the Administrative, Physical, IT and Policies & Procedures operations to determine what is in scope for the HIPAA / HITECH regulatory requirement.
  • Readiness Assessment & Report - Assess the company’s regulatory posture (Security Standards, Administrative Safeguards, Technical Safeguards, Organizational Requirements, Policies & Procedures and Documentation Requirements) and provide a report outlining deficiencies and vulnerabilities and the steps needed to remediate them.
  • Remediation - CompliancePoint provides assistance creating the Remediation Project Plan utilizing the Compliance Automation Portal, which is available to the Company’s Project team for the entire project. Covered entities and business associates may correct deficiencies with internal resources or outsource that work to CompliancePoint. We provide security consulting, network design, technology evaluation and selection, policy and procedure development, and IT integration and configuration services.
  • Validation and Reporting - Upon completion of deficiency remediation, CompliancePoint conducts a final audit review and issues a report of compliance. This report can be shared with all appropriate authorities as proof of third-party validation of compliance.
  • Program Management - Regulatory compliance is an ongoing process that requires monitoring compliance levels by performing required daily, monthly, quarterly and annual compliance tasks and preparing audit documentation for planned and unplanned audits. CompliancePoint leverages technology to automate and streamline that ongoing process.
  • Compliance Automation Portal - The Compliance Automation Portal provides an easy-to-use security control system for managing all internal and Business Associate compliance initiatives. 
    • Access assessment documents and manage policy and procedures
    • Map technical controls across multiple compliance requirements
    • Import vulnerability and event data from logging and scanning technologies
    • Provide ongoing feedback of compliance levels
    • Generate planned and unplanned audit documentation

  • HIPAA Security Awareness Training - CompliancePoint training provides an introduction to information security concepts such as information assets, information asset classification, information security policy, the HIPAA security framework, cyber-crime and the layered approach to security.

To learn more about our HIPAA Assessments, please contact us at (800) 585-4888 or hipaa@compliancepoint.com.