HIPAA COMPLIANCE

ONLY AUTOMATED TOOL THAT CREATES KEY HIPAA REPORTING DOCUMENTS

OVERVIEW

More than 700,000 hospitals, emergency medical clinics, dental offices, nursing homes and other health-related entities are required by law to have a specialized IT risk assessment performed to satisfy the requirements of HIPAA – The Health Insurance Portability and Accountability Act.

So, too, are an estimated 2 million other companies that do business with these entities, including IT service providers, shredding companies, documents storage companies, attorneys, accountants, collections agencies, and many others. Many of these companies and organizations are not even aware of this legal requirement!

Leon Rodriguez, former director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, was responsible for enforcing HIPAA and HITECH. When asked where organizations suffer the most audit failures, Rodriguez pointed to the “failure to perform a comprehensive, thorough risk analysis and then to apply the results of that analysis.”

Click on THE HIPAA OPPORTUNITY Tab to learn more about how to protect your organization and – for MSPs – how to leverage the law for your profit.

PRODUCE ALL THE HIPAA REPORTS YOU NEED AUTOMATICALLY WITH THIS TOOL

The Network Detective HIPAA Compliance Module is the first purpose-built IT tool to combine the automated collection of network data with information gathered through observations, photographs and surveys. It's also the only software with a built-in HIPAA risk assessment engine that automatically generates a complete set of the official documents that comprise a comprehensive HIPAA IT assessment including: HIPAA Policy and Procedures, HIPAA Risk Analysis, HIPAA Management Plan, Evidence of HIPAA Compliance and all associated supporting documentation. A mountain of reports at the push of a button, saving you untold days, or even weeks, worth of production work.

Click on the REPORTS Tab for a complete list and to download sample reports.

PROVEN TECHNOLOGY, BUILT-IN HIPAA KNOWLEDGE

Until now you had to be a HIPAA expert to deliver these kinds of reports. But we've put the "smarts" into our tool by working with the nation's leading HIPAA authorities to create a powerful framework for performing comprehensive HIPAA risk assessments that are guaranteed to stand up to any government audit or review.

The Network Detective HIPAA Compliance module is, hands-down, the fastest and easiest way to perform a full HIPAA IT audit. This is the first product of its kind. Don't be confused by other "low-end" fill-in-the-blanks template products that make you do all the legwork and a lot of guesswork. Our non-invasive computer and network scanning tools do a lot of the "heavy lifting" automatically for you. And, the forms that are needed for your supplementary data gathering requirements are directly integrated into the tool. That makes it easier to enter the data, and dramatically streamlines the otherwise laborious document-generation process. All the data you gather is crunched by our HIPAA risk assessment engine and reports are automatically generated with YOUR customized branding.

Click on the HOW IT WORKS Tab for a complete list of documents and to download sample reports.

OUR PRODUCT IS EASY BUT THE HIPAA PROVISIONS ARE NOT

The Network Detective HIPAA Compliance Module is easy to use. The automated data collectors are simple executables that are wizard-driven and can be deployed by anyone with a minimum amount of IT knowledge and training. The forms and check-lists are also easy to access within the tool and it's easy to enter supplementary data and images. You'll also have no problem branding these reports, editing them as you wish, or printing them out. The tool comes with user guides and even creates a customized task list to step you through the compliance process, letting you know what's been completed and what is still left to be done. And if you ever run into any issues with our products, we offer free technical support.

ADD OTHER COMPLIANCE MODULES TO YOUR SUBSCRIPTION AND SAVE

The HIPAA Compliance Module works inside of the same user interface as all of our IT Assessment and Compliance modules, and takes advantage of the same technology. The special HIPAA Reports use the same Enhanced Branding tool as the other reports. The HIPAA Compliance module also taps into our InForm technology to provide you with all of the specialized pre-written surveys, questionnaires and check lists that are required under the law.

Click on the HOW TO SAVE Tab to learn how to save $1,000 off the cost of your HIPAA Compliance subscription.

We didn't become the #1 IT assessment company by accident. We work hard to ensure that our software is easy-to-buy, easy-to-use, and does exactly what we promise. If you're not happy, we're not happy. That's why we give you a full 30 days to try the HIPAA Compliance module after purchase. If it doesn't meet your expectations for any reason, return it for a full refund. No questions asked.

IF YOU CAN FOLLOW DIRECTIONS, YOU CAN DO THIS!

PROVEN TECHNOLOGY. BUILT-IN HIPAA KNOWLEDGE.

We've taken the proven Network Detective non-invasive IT assessment scanning technology and combined it with a powerful built-in HIPAA risk assessment engine to deliver the fastest and easiest way to perform comprehensive HIPAA Assessments.

This is the first product of its kind that automatically collects -- and seamlessly integrates -- the mountain of network data needed for a comprehensive HIPAA Risk Analysis and combines it with the photos, observations and supplemental data you gather on site. All the data is crunched by our HIPAA risk assessment engine, and reports are then automatically generated with YOUR customized branding.


THE INITIAL DATA COLLECTION PROCESS

One of the most challenging aspects of performing a valid comprehensive HIPAA Assessment is gathering and organizing the vast amount of data that must be collected from a variety of sources. Network Detective makes this easy by giving you a central repository to safely and securely collect the information. You'll start by conducting a "Site Interview" to obtain the answers to a series of pre-established questions. Network Detective includes a built-in Site Interview questionnaire that you can print out, or type the answers directly into the HIPAA Risk Assessment Engine.

Next, you'll need to conduct an On-Site Survey to personally observe the environment, take photographs and check on a wide range of security policies. There's no guesswork here – Network Detective includes the comprehensive checklist of things to look for, and a place for you to record your answers and upload your images.

While you are conducting your On-Site Survey, you'll also want to be running the non-invasive Network Detective Local HIPAA scanner on each PC in the office. This scanner can be run directly off a single memory stick, and the results of all individual scans are automatically collated back into your master report. Additionally, you'll kick off an External Vulnerability Scan.

THE SECONDARY DATA COLLECTION PROCESS

Once you've gathered the initial data and uploaded it all into the Network Detective HIPAA Risk Assessment Engine, you will work with your client (or organization) to complete three worksheets – a User Identification Worksheet, a Computer Identification Worksheet, and a Share Identification Worksheet. These worksheets are built automatically by the HIPAA Risk Assessment Engine once you import the automated collections. The data from these worksheets will be automatically cross-correlated with the data collected by the Network Detective data collector to ensure there are no anomalies.

RECORDING EXCEPTIONS

At this point in the process you will generate a Security Exception Worksheet, which will list issues that have been identified. You can also note any exceptions and add further explanations. Complete the worksheet, and then the fun begins. All of that information gathered by you and your team is ready to be crunched, analyzed and organized into a set of official HIPAA Compliance reports and documents.

PRODUCING YOUR DOCUMENTS

Prior to generating your documents you'll want to go into the Network Detective's advanced branding tool and set up the formatting for your reports. You can upload your organization's logo, client information, custom colors, report cover images and layouts. Click on the REPORTS TAB to see samples of the reports and documents you can generate.

WHEN IT COMES TO HIPAA COMPLIANCE, IT'S ALL ABOUT THE DOCUMENTS!

Network Detective makes it so much easier to collect all of the information necessary to ensure that you or your clients are doing the right things to comply with all of the security and many of the privacy provisions of HIPAA. But of even greater value is the AUTOMATIC generation of all the primary and secondary documents that are required under the law.

The Network Detective HIPAA Compliance module seamlessly merges the results of all the automated network data collection with the supplemental information you enter from your own personal observations, and automatically pulls it all together into beautifully organized reports designed specifically to meet HIPAA documentation requirements.

MAKE OUR REPORTS YOUR REPORTS!

All Network Detective subscriptions include our Enhanced Branding Package, which gives you the ability to control the overall look-and-feel of the reports you generate. With the Enhanced Branding package, you can:

  • Personalize the reports with your company name and logo
  • Change the accent colors to match your own company standards
  • Select from a number of pre-designed report templates
  • Embellish your reports with photos and images from our pre-screened, royalty-free library

CHECK OUT SAMPLES OF THE REQUIRED HIPAA DOCS YOU CAN GENERATE

HIPAA Policies & Procedures. The Policy and Procedures are the best practices that our industry experts have formulated to comply with the technical requirements of the HIPAA Security Rule. The policies spell out what your organization will do while the procedures detail how you will do it. In the event of an audit, the first thing an auditor will inspect is the Policies and Procedures documentation. This is more than a suggested way of doing business. The Policies and Procedures have been carefully thought out and vetted, referencing specific code sections in the Security Rule and supported by the other reports included with the HIPAA Compliance module.

HIPAA Risk Analysis. HIPAA is a risk-based security framework and the production of a Risk Analysis is one of the primary requirements of the HIPAA Security Rule's Administrative Safeguards. In fact, a Risk Analysis is the foundation for the entire security program. It identifies the locations of electronic Protected Health Information (ePHI), vulnerabilities to the security of the data, threats that might act on the vulnerabilities, and estimates both the likelihood and the impact of a threat acting on a vulnerability. The Risk Analysis helps HIPAA Covered Entities and Business Associates identify the locations of their protected data and how the data moves within, and in and out of, the organization. It identifies what protections are in place and where there is a need for more. The Risk Analysis results in a list of items that must be remediated to ensure the security and confidentiality of ePHI. The value of a Risk Analysis cannot be overstated. Every major data breach enforcement of HIPAA, some with penalties over $1 million, has cited the absence of, or an ineffective, Risk Analysis as the underlying cause of the data breach. The Risk Analysis must be run or updated at least annually, more often if anything significant changes that could affect ePHI.

HIPAA Risk Profile. A Risk Analysis should be done no less than once a year. However, Network Detective has created an abbreviated version of the Risk Analysis called the HIPAA Risk Profile designed to provide interim reporting in a streamlined and almost completely automated manner. Whether performed monthly or quarterly, the Risk Profile updates the Risk Analysis and documents progress in addressing previously identified risks, and finds new ones that may have otherwise been missed and resulted in a data breach.

HIPAA Management Plan. Based on the findings in the Risk Analysis, the organization must create a Risk Management Plan with tasks required to minimize, avoid, or respond to risks. Beyond gathering information, Network Detective provides a risk scoring matrix that an organization can use to prioritize risks and appropriately allocate money and resources and ensure that issues identified are issues solved. The Risk Management Plan defines the strategies and tactics the organization will use to address its risks.

Evidence of HIPAA Compliance. Just performing HIPAA-compliant tasks is not enough. Audits and investigations require evidence that compliant tasks have been carried out and completed. Documentation must be kept for six years. The Evidence of Compliance includes log-in files, patch analysis, user & computer information, and other source material to support your compliance activities. When all is said and done, the proof of proper documentation is its accessibility and the detail needed to satisfy an auditor or investigator, both of which are included in this report.

External Network Vulnerability Scan. Detailed reports showing security holes, warnings and informational items, including CVSS scores, as scanned from outside the target network. External vulnerabilities could allow a malicious attacker access to the internal network.

HIPAA Compliance PowerPoint. Use our generated PowerPoint presentation as a basis for conducting a meeting presenting your findings from Network Detective. General summary information, along with the risk and issue score, is presented along with specific issue recommendations and next steps.

HIPAA On-Site Survey. The On-site Survey is an extensive list of questions about physical and technical security that cannot be gathered automatically. The survey includes questions ranging from how facility doors are locked, firewall information, how faxes are managed, and whether servers are on-site, in a data center, or in the Cloud.

Disk Encryption Report. Encryption is such an effective tool for protecting data that if an encrypted device is lost, the loss does not have to be reported as a data breach. The Disk Encryption Report identifies each drive and volume across the network, whether it is fixed or removable, and whether encryption is active.

File Scan Report. The underlying cause identified for many data breaches is that the organization did not know that protected data was stored on a device that was lost or stolen. After a breach of 4 million patient records a hospital executive said, "Based on our policies that data should not have been on those systems." The File Scan Report identifies data files stored on computers, servers, and storage devices. It does not read the files or access them, but just looks at the title and file type. This report is useful to identify local data files that may not be protected. Based on this information the risk of a breach could be avoided if the data was moved to a more secure location, or mitigated by encrypting the device to protect the data and avoid a data breach investigation.

User Identification Worksheet. The User Identification Worksheet takes the list of users gathered by the Data Collector and lets you identify whether they are an employee or vendor. Users who should have been terminated and should have had their access terminated can also be identified. This is an effective tool to determine if unauthorized users have access to protected information. It also is a good indicator of the efforts the organization goes to so terminated employees and vendors have their access quickly disabled. Another benefit is that you can review the user list to identify generic logins, such as Nurse, Billing Office, etc., which are not allowed by HIPAA since each user is required to be uniquely identified. To save time the system allows you to enter default settings for all users and just change some as needed.

Computer Identification Worksheet. The Computer Identification Worksheet takes the list of computers gathered by the Data Collector and lets you identify those that store or access ePHI. This is an effective tool in developing data management strategies including secure storage and encryption. To save time the system allows you to enter default settings for all computers and just change some as needed.

Network Share Identification Worksheet. The Network Share Identification Worksheet takes the list of network shares gathered by the Data Collector and lets you identify those that store or access ePHI. This is an effective tool in developing data management strategies including secure storage and encryption. To save time the system allows you to enter default settings for all network shares and just change some as needed.

HIPAA Supporting Worksheets. A set of individual documents is provided to show detailed information and the raw data that backs up the Evidence of Compliance. These include the various interviews and worksheets, as well as detailed data collections on shares and login analysis.


We didn't become the #1 IT assessment company by accident. We work hard to ensure that our software is easy-to-buy, easy-to-use, and does exactly what we promise. If you're not happy, we're not happy. That's why we give you a full month to try Network Detective after purchase. And if it doesn't meet your expectations for any reason, return it for a full refund; no questions asked.

ORDER THIS MODULE WITH OTHERS, AND SAVE!

The HIPAA Compliance Module works inside of the same Network Detective user interface as all of our IT Assessment Modules, and takes advantage of the same technology. You can download the special HIPAA data scanners from the same place you get our other Network Detective data scanners, and the special HIPAA Reports use the same Enhanced Branding feature as the other reports. The HIPAA Compliance module also taps into our InForm technology to provide you with all of the specialized pre-written surveys, questionnaires and check lists that are included with the module.

HOW TO SAVE $1,000 WHEN YOU SUBSCRIBE TO THE HIPAA COMPLIANCE MODULE

Subscribe to the PCI Compliance Module at the same time that you order the HIPAA Compliance Module, and you’ll save a boatload! The regular annual subscription price for each of these powerful tools is $2,499. But when you purchase them together, the subscription price for each drops by $500, bringing your total savings to $1,000!

Your discount is automatically applied when ordering off of this web site.

Already have the PCI Compliance module? Go directly to your Network Detective application, click on the Upgrade button, and order with our preferred customer pricing to get credit for the modules you already own!


OUR PRODUCT IS EASY, BUT THE HIPAA PROVISIONS AREN'T

The Network Detective HIPAA Compliance Module is easy to use. The automated data collectors are simple, wizard-driven programs that can be deployed by anyone with a minimum amount of IT knowledge and training. The forms and check-lists are also easy to access within the tool to make entering supplementary data and images a breeze. You'll have no problem branding the reports, editing them as you wish or printing them. The tool comes with user guides, manuals and instructional videos and we provide free technical support.

SO WHY DO WE ALSO OFFER PAID SUPPLEMENTAL TRAINING, YOU MAY ASK!

The truth is that while our software is easy to use and understand, the mountain of rules and regulations associated with HIPAA (Health Insurance Portability and Accountability Act) is not so simple. There may be a lot about the law that could impact your own organization that you don't know about. And if you are offering a service to clients, there's a good chance that they don't know all the rules that impact them as well – particularly when it comes to the technology aspects of the law.

There are many free resources that you can access from the federal government and other sites that will provide you with basic and advanced information about HIPAA. But what makes our training offerings different is that our focus is exclusively on those aspects of HIPAA that relate directly to IT under the Security Rule and the performance of a HIPAA Risk Analysis. We also go beyond product training to help you understand best practices in the collection of the data you need, as well as how to interpret the reports that are generated by our tools.

We offer three different training vehicles to enhance the value you get out of the Network Detective HIPAA Compliance Module and to help you build out a comprehensive HIPAA Managed Compliance Service.

1. On-Demand Video Training Series ($495 per company)

Here is the list of topics covered in this video series. Each topic is designed to be "digested" at a single viewing and includes several videos, each under 5 minutes:

HIPAA Risk Assessments (4 videos)
  • HIPAA Overview
  • How to Sell a Risk Assessment
  • What to Promise
  • How to Price a Risk Assessment
Information Gathering (5 videos)
  • ND HIPAA Site Interview
  • ND HIPAA On-Site Survey Overview & Tips
  • ND HIPAA Survey - Access Controls, Data Center, Firewall
  • ND HIPAA Survey - Office Walkthrough
  • ND HIPAA Survey - Wireless, FAX, E-mail, EHR
Delivering Results (6 videos)
  • Tips for Communicating Results
  • Diagnosis, treatment plan, bedside manner
  • Network Reports
  • Security Reports
  • Worksheets - User, Computer, Network Share
  • Risk Assessment & Risk Management

We recommend this video series to anybody on your team who will be working on HIPAA assessments using our tool. One purchase covers your entire organization.

2. HIPAA Compliance Workshop ($1299 per person)

If you provide IT services to any entities covered by HIPAA, by extension you become a HIPAA Business Associate under the law. As a HIPAA Business Associate your organization must implement a HIPAA Compliance Program, sign Business Associate Agreements, and provide compliant services to your customers and clients.

Mike Semel of Semel Consulting conducts workshops for IT VARs and MSPs to help them jump-start their HIPAA compliance programs. These workshops include:

  • HIPAA training
  • Customized HIPAA policies
  • Procedure templates
  • Checklists
  • Staff training materials
  • Personalized consulting for every participant to help them build a compliance program that exactly fits their needs.

Mike has owned or managed VAR and MSP businesses for over 30 years. He's an industry-recognized Security, HIPAA, and Business Continuity expert and has been the CIO for a hospital. Workshop participants have given glowing testimonials, including one who called the workshop "perfect."


3. HIPAA Consulting Services

Rapidfire Tools has strategic partnerships with some of the nation's leading HIPAA experts, and has arranged discounted pricing for our subscribers on an array of consulting services, including:

  • Risk Analyses for medical practices, clinics, surgery centers, hospitals, and business associates.
  • Consulting services to help clients bridge gaps to become compliant and earn Meaningful Use incentive money.
  • HIPAA SOS (Security Officer Services), a compliance managed service that includes a risk analysis, customized HIPAA policies, procedure templates, checklists, staff training materials, security incident management, and personalized consulting for a year to help healthcare clients achieve and maintain compliance.

All supplemental training offerings are only available to existing customers. See the Upgrade section of your product for more information.


THE HIPAA OPPORTUNITY FOR MSPs

There are more than 700,000 individual HIPAA organizations that are required by law to conduct a HIPAA Risk Assessment, including:

  • Hospitals,
  • Urgent Care Clinics,
  • Dental Offices,
  • Nursing Homes,
  • Behavioral Health Facilities,
  • Diagnostic Labs,
  • Correctional Facilities,
  • Pharmacies

In addition to the above so-called "Covered Entities" there are an estimated 2,000,000 additional "HIPAA Business Associates" that are exposed to – or have access to – protected information, making them also subject to HIPAA regulations. A HIPAA Business Associate is any of the following types of businesses that has one or more Covered Entities as a customer or client:

  • IT Service Providers
  • Shredding Companies
  • Documents Storage Companies
  • Attorneys
  • Accountants
  • Collection Agencies
  • EMR companies
  • Data Centers, Online Backup companies, Cloud vendors
  • Insurance Agents
  • Revenue Cycle Management vendors
  • Contract Transcriptionists

EVERY Business Associate, and all of their sub-contractors, must have proof of a Risk Analysis under the law. Even if they wanted to, most of these organizations do not have the staff, resources or expertise to do it themselves. This presents a tremendous opportunity for any IT Service Provider and MSP. The Network Detective HIPAA Compliance Module makes it easy to provide HIPAA services quickly and with less training.

FOUR WAYS TO SELL A HIPAA COMPLIANCE ASSESSMENT

The Network Detective HIPAA Compliance module goes well beyond just providing the HIPAA Risk Analysis. It also includes a package of extremely valuable documents that can be sold as anything from a one-time, stand-alone HIPAA Compliance Assessment to a full and ongoing Managed Compliance service.

1. ONE-TIME HIPAA COMPLIANCE PACKAGE.

Not every HIPAA-Covered Entity or Business Associate knows that they are required to have a risk assessment performed, and some that do know may have limited resources to invest in their patients' (or their own) protection. For these organizations, you can offer a One-Time HIPAA Compliance package. Your package will include all of the documents automatically organized and prepared by the module, including: The HIPAA Policy and Procedures Document, the HIPAA Risk Analysis, the HIPAA Management Plan, and the Evidence of HIPAA Compliance. These core documents, along with all of the supporting documents should be considered your "Basic" offering, and will help your client meet their responsibility of having the audit conducted.

2. HIPAA ASSESSMENT & REMEDIATION

Conducting a comprehensive Risk Assessment is one thing, but that really should not be the "end" for your clients… it should be the "means" to the end. Your assessment is more-than-likely going to uncover a number of issues that need to be addressed. Some of these issues may be nothing more difficult than training an employee to update passwords. But others could be much more serious and involved, like changing the data back-up and recovery program. Your Network Detective HIPAA Compliance tool will provide a Risk Score Matrix that will prioritize the work that should be done based upon potential impact to the business and likelihood of occurrence. Get your client to sign you up for a Remediation Project that will address those issues that carry the highest risk, and highest fines.

3. MANAGED COMPLIANCE SERVICE

Organizations are not static, nor are their networks. New computers, software, mobile devices, equipment and files are continually being added onto the network throughout the year. And even with a relatively stable IT environment, most organizations' employees come and go, and change positions within the organization at a regular rate. The HIPAA assessment you perform today has a "shelf-life." How long that is really depends on a number of factors, including the type of the business, size of the organization, and speed of change.

Best practice is to have a HIPAA assessment performed at some regular interval (but no less than once a year as required by law) to ensure that the organization is not only compliant at the time of the Risk Analysis – or upon completion of the follow-on remediation project – but that it REMAINS compliant at all times.

After your initial assessment and remediation project is complete, set your client up with a schedule of periodic re-assessments, which we call Monthly Risk Profiles, to ensure continued on-going compliance.

4. PART OF YOUR MANAGED SERVICE

If you are a Managed Service Provider and already have a practice that focuses on the Healthcare Vertical, you might be better off providing a full HIPAA Compliance Risk Assessment as a value added component of your comprehensive managed services contract. Let's face it, the value of the Assessment goes well beyond just HIPAA Compliance, but the reports alone will add considerable perceived value to the IT services you are delivering.

PROTECT YOURSELF FROM A HIPAA SECURITY BREACH!

If you work for an organization subject to HIPAA -- or if you are an IT Service Provider or other Business Associate of these entities -- performing a HIPAA Risk Assessment using the Network Detective HIPAA Compliance Module is your best opportunity to protect yourself from a costly violation of the HIPAA Security Rule and the stiff fines that are often levied on those who fail to take pro-active measures to prevent them.

