The Initial Data Collection

One of the most challenging parts of performing a HIPAA risk assessment is gathering and organizing necessary data from different sources. The HIPAA Compliance module simplifies the process by providing a central repository to collect the information in a safe and secure manner.

Begin by conducting a site interview to gather answers to a series of pre-established questions. With the module’s built-in interview form, answers can be typed directly into the HIPAA Risk Assessment Engine.

Next, conduct an on-site survey to personally observe the environment, take photographs, and check security policies. The module includes a comprehensive checklist of things to look for and a place to record answers and upload images. While on-site, you will run the non-intrusive local HIPAA scanner on each PC in the office and kick off an external vulnerability scan.  The results of all individual scans are automatically collated back into the master report.

Recording Exceptions

At this point you will generate a Security Exception Worksheet, which lists all identified issues and lets you add an explanation, if needed.  That’s it.  All the gathered information is now ready to be crunched, analyzed, output, and organized into a set of official HIPAA Compliance reports and documents.

Producing Your Documents

Prior to generating the documents, you’ll want to add some personal touches such as branding elements and report styles. You can also upload your organization’s logo, insert client information, select custom colors, report cover images and layouts.