top of page

HIPAA Security Support Solutions

What is HIPAA Security Support Solutions (HS3)?

After working HIPAA Security for years and observing the requirements most challenging to a successful program, we developed three independent Respond & Detect Phases services to help create the visible, demonstrable evidence your compliance program needs: Virtual Compliance, Phishing Testing, and Electronic Health Records Activity Audit.

Virtual Compliance

You’re making significant HIPAA security program progress. Going forward, can your team continue to manage compliance, security, and risk successfully? Three levels of virtual support help manage risk and provide value:

Orangebox_1.png
Proteus_covergraphic.png

Compliance Silver provides up to one hour of scheduled telephone support and one monthly meeting with your HIPAA Security Officer or team.

Compliance Gold provides unrestricted scheduled telephone support, two monthly scheduled meetings with your HIPAA Security Officer or team, full access to all program management and training documents, and the Active Directory log-in monitoring and environment and permissions review services.


Compliance Platinum adds one 2-week agile Scrum project per month to Compliance Gold support, to help organize and complete risk register actions that reduce your ePHI breach risk.

Monitoring Microsoft Active Directory log-in activity is frustrating and for most, impossible. Some organizations set low failure password limits that require an administrator’s time to unlock. Our solution is superior and includes the choice(s) of reporting:

  • All accounts with passwords that never expire

  • Accounts not used during the past 30 days

  • Unusual login(s) to a computer

  • Failed logins by account name

  • Login history by computer

  • Unusual day or time login(s)

Orangebox_2.png
Orangebox_3.png

Microsoft Active Directory environment and permissions review is an on-demand service that provides up to 31 reports demonstrating how well your information technology team has configured your computer domain. Some examples of reporting include:

  • Inactive registered computers

  • Active Directory security policy review

  • Shared permissions reports by user or by computer

  • Password policy exceptions

  • User behavior analysis

Phishing Testing

Phishing Testing Campaigns

A well trained workforce is your best security control against the criminals who have made phishing a persistent part of electronic communications.  Empower your workforce to reduce your breach risk. Proteus will deliver a cost estimate for one, four, eight or 12 campaigns, or choose your own interval!​

Orangebox_4.png

After reviewing baseline phishing test results, Proteus works with your information technology team to maintain a list of current email accounts, configure your email system with a “Reporter” button to report suspicious emails, and to run additional test campaigns based on real world emails that the criminals use.

Reporter_fish.png

Security training materials provide instant feedback and videos for your HIPAA Security program. Proteus will deliver a report for each campaign that includes:

  • Summary results

  • Resiliency trends

  • Scenario observations

  • Behavior analytics

  • Enhanced analytics

  • Time to respond

Electronic Health Record Activity Audits

EHR Audits
Orangebox_5.png

EHR audits are difficult to work with and can be time consuming. Some EHR vendors even charge their customers for the privilege of understanding when unauthorized disclosure (a breach) is happening – ridiculous!

Working with artificial intelligence and your EHR administrator(s), we will help deliver a third-party cost estimate and contracted service to read daily EHR log files and report events that are out of the ordinary. Reports include:

  • VIP Access

  • Co-worker access

  • Audit log upload report

EHR Audit Graphic.png

Why Should You Partner With Proteus HS3?

"Would our company pass a Health and Human Services Office of Civil Rights audit?"

"Would our company be able to demonstrate the diligence required to win a state Attorneys General or class action lawsuit?"

"Would our community reputation survive a major breach of our patients' information?"

These are potentially the most expensive financial metrics your program should understand.  If your answer is anything short of "YES", or your response is based on a feeling instead of real information, then your organization will benefit from our HIPAA Security Support Solutions.

bottom of page