HIPAA Security Support Solutions
What is HIPAA Security Support Solutions (HS3)?
After working in HIPAA security for years and observing which requirements are most challenging to a successful program, we developed three independent Respond & Detect Phases services to help create the visible, demonstrable evidence your compliance program needs: Virtual Compliance, Phishing Testing, and HICP 405(d) Attestation.
Virtual Compliance
You’re making significant HIPAA security program progress. Going forward, can your team continue to manage compliance, security, and risk successfully? Contact us if you desire monthly paid support helping your team manage risk and enhance compliance work.
Compliance Silver provides up to one hour of scheduled telephone support and one monthly meeting with your HIPAA Security Officer or team.
Compliance Gold provides unrestricted scheduled telephone support, two monthly scheduled meetings with your HIPAA Security Officer or team, full access to all program management and training documents, and the Active Directory log-in monitoring and environment and permissions review services.
Compliance Platinum adds one 2-week agile Scrum project per month to Compliance Gold support, to help organize and complete risk register actions that reduce your ePHI breach risk.
Phishing Testing Campaigns
A well-trained workforce is your best security control against the criminals who have made phishing a persistent part of electronic communications. Empower your workforce to reduce your breach risk. Proteus will deliver a cost estimate for one, four, eight or 12 campaigns, or you can choose your own interval!
After reviewing baseline phishing test results, Proteus works with your information technology team to maintain a list of current email accounts, configure your email system with a “Reporter” button to report suspicious emails, and run additional test campaigns based on real-world emails that criminals use.
Security training materials provide instant feedback and videos for your HIPAA Security program. Proteus will deliver a report for each campaign that includes:
- Summary results
- Resiliency trends
- Scenario observations
- Behavior analytics
- Enhanced analytics
- Time to respond
HICP 405(d) Attestations (Small Organizations)
The 2017 405(d) Task Group planned, developed and drafted the Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients publication. The Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations publication provides recommended cybersecurity practices for small health care organizations.
Proteus has created a service that walks our partner-clients through 64 security controls and provides an attestation report meant to demonstrate the degree of compliance with Technical Volume 1 and potentially shield a qualifying organization from an Office of Civil Rights audit or investigation.
Why Should You Partner With Proteus HS3?
"Would our company pass a Health and Human Services Office of Civil Rights audit?"
"Would our company be able to potentially demonstrate the diligence required to win a state Attorneys General or class action lawsuit?"
"Would our community reputation survive a major breach of our patients' information?"
These are potentially the most expensive financial metrics your program should understand. If your answer is anything short of "YES", or your response is based on a feeling instead of real information, then your organization will benefit from our HIPAA Security Support Solutions.