Posted at 02:59 PM in Health IT, HITECH / HIPAA, Internet Resources, Webinars | Permalink | Comments (0)
Posted at 03:34 PM in Health IT, HITECH / HIPAA, Webinars | Permalink | Comments (0)
HOW TO COMPLY WITH HIPAA?
Posted at 03:56 PM in Current Affairs, GDPR, Health IT, Healthcare, HITECH / HIPAA | Permalink | Comments (0)
If you anticipate or are currently transacting commerce with EU consumers, you will need the ability to perform a Personal Data Risk Assessment with Expresso.
HIPAA Survival Guide Subscription customers may purchase GDPR with Expresso as an ADD-ON for a one-time cost of $495.95 with no increase to your renewal fees.
Click here for more information and to purchase GDPR with Expresso ADD-ON.
Non-subscription clients may purchase Expresso with GDPR Subscription that includes GDPR Products for $1,295.95.
Click here for more information and to purchase Expresso with GDPR Subscription.
If you have any questions, please contact us at support@3lionspublishing.com or call (800) 516-7903
Expresso® was designed to manage more than one compliance regime. We are now delivering on that promise. Our competitors' products were narrowly focused on HIPAA and they have no easy path to migrate their offerings to other regimes. This includes smaller competitors and those that come with a heftier price tag. None are delivering the kind of innovation that Expresso® represents.
We have rationalized the GDPR risk assessment in a more streamlined manner because GDPR is even less prescriptive than HIPAA. Our decade of experience provides you with a foundational list of 10 Essential Controls that any compliance regime requires. We introduced the Compliance Stack™ as a way to explain this groundbreaking innovation to the marketplace.
An introduction to the GDPR's 10 Essential Controls that are included in Expresso follows:
1. Risk Management: This Control encompasses the entirety of an entity's Risk Management program ("Program"), including Risk Assessments and implementing additional Security Controls ("Controls") that reduce Risks to levels that are "reasonable and appropriate."
2. Incident Management: There can be no effective Risk Management Program, including but not limited to Breach Notification, if security incidents are not tracked.
3. Inventory (Security Objects): Controls are applied to Security Objects (e.g. most think in terms of an asset inventory but the term encompasses much more than that).
4. Administrative: Compliance is a multi-disciplinary subject matter domain that requires a skillset far greater than technical acumen.
5. Authentication: The ubiquitous nature of smart phones has led to widespread use of two-factor authentication by most large organizations including banks, brokerages, and of course all the major technology firms.
6. Breach Notification: Breach notification, under every compliance regime where it is applicable, has become the 800-Pound-Gorilla that drives enforcement. Such is the case for HIPAA and we expect this same Gorilla to dominate GDPR enforcement. Large Breaches attract the attention of regulators.
7. Disaster Recovery: Disaster Recovery is yet another meta-control because it encompasses much more than data backups. Of course, backing up your protected data, and all your data for that matter, is mission critical.
8. Audits: Measurement against a baseline of a compliance regime's requirements is the only level of granularity that matters during an audit.
9. Technical Controls: This is another meta-control, and of necessity it must be treated as such, because it is where most of the current innovation in cybersecurity defenses is occurring (for the moment we are discounting the importance of process innovations because they are so little understood). The sub-controls we enumerate here are the basics, the most important of which is encryption.
10. Physical Controls: Physical Controls are such a no-brainer that they often go overlooked because of our obsession with technology.
GDPR PRODUCTS AND SUBSCRIPTION
GDPR Products are available on the HIPAA Survival Guide Store. They include:
GDPR products can be purchased as a subscription or individually (including the Combo Package).
We recommend that you have at least four basic policies in place: (1) a Notice of Privacy Practices (outward facing); (2) a Privacy Policy; (3) a Security Policy; and (4) a Breach Notification Policy (collectively "Policies").
NOTICE OF PRIVACY PRACTICES ("NOPP")
Your GDPR NOPP is similar to a covered entity's NOPP under HIPAA, except that you need to provide access to it in the places where Data Subjects would expect to see it.
Your Privacy Policy is an internal facing document and contains your organization's intentions vis-a-vis protecting the confidentiality of Personal Data. It should contain information about your Data Protection Officer (or Representative) and how you intend to resource this position.
Surprisingly, only one Article in the GDPR (Article 32, Security of processing) deals directly with security. It's not that security is unimportant under the GDPR; it obviously is important. Rather, the emphasis on Privacy dominates.
The GDPR introduces Breach Notification into the EU for the first time. Given what we have witnessed under HIPAA (post the HITECH Act), Breach Notification will also emerge as the GDPR's 800-pound Gorilla.
If you have any additional questions regarding GDPR Compliance, please contact us via email at support@3lionspublishing.com or by telephone at 800-516-7913.
Posted at 02:38 PM in Health IT, HITECH / HIPAA, Information Technology for Healthcare (EHR/EMR) | Permalink | Comments (0)
Posted at 05:10 PM in Health IT, Healthcare, HITECH / HIPAA | Permalink | Comments (0)
This short video provides an explanation of how EXPRESSO® uses its Compliance Equation to perform a HIPAA Risk Assessment. In addition, the video describes HIPAA Survival Guide products, education, and tools that you can customize and use in your organization.
Among the key HIPAA Survival Guide tools are our Scorecards, which not only provide descriptions of HIPAA Implementation Specifications or Controls, but also point you to HIPAA Survival Guide Remediation products: customizable examples of proposed organizational policies, processes, tracking mechanisms and an assortment of compliance tools and education for covered entities and business associates.
Scorecards based on specific requirements are the only way to measure the progress of your compliance initiative (i.e. by definition, if you are in compliance with all the requirements of a regulatory regime then you are in compliance). EXPRESSO® and the HIPAA Survival Guide work in tandem to guide your efforts in becoming HIPAA Compliant.
Please note that we offer a 15-DAY FREE TEST DRIVE of EXPRESSO®! Why not give it a try? Just click on the link below!
Expresso® 15-day FREE Test Drive
To try EXPRESSO®, just click on the above link and fill out your contact information. Our Customer Service Staff will set up your Free 15 Day EXPRESSO® Test Drive and arrange a "Go To Meeting" session to review how you can do your HIPAA Risk Assessment in 3 hours or less.
EXPRESSO® is easy-to-use Risk Assessment software that allows you to identify risks, threats, security objects, and vulnerabilities to PHI, and to identify impacts and assign controls at a glance! It allows you to do a Baseline Risk Assessment in 3 hours or less!
Our "Quick Start Guide" gets you off and running to complete your first Risk Assessment. EXPRESSO® comes pre-populated with all the Risks, Threats, Vulnerabilities and Impacts necessary to complete a Baseline Risk Assessment.
With Expresso® You Can:
1) Perform a Baseline Risk Assessment in a matter of hours,
2) Bulk import Security Objects: people, places, assets, processes to apply Security Controls,
3) Track the results of the Controls applied, and
4) Retain instances of past Risk Assessments for reporting or audit purposes.
If you have any questions, you may reach me at dleyva@3lionspublishing.com
Posted at 10:13 AM in Health IT, HITECH / HIPAA, Internet Resources, Web/Tech | Permalink | Comments (0)
Who doesn’t like coffee? Well maybe there are a few who don’t, but I’m a morning coffee person. It helps get my day started. When there are complex challenges to overcome, I need all the help I can get. Expresso® is that “jolt of coffee” that enables users to quickly and accurately perform their first HIPAA Risk Assessment. Customers claim it is “a smooth process”. Expresso® Risk Assessment software maps HIPAA Security Rule implementation specifications to Controls and associates those Controls with Threats, Vulnerabilities and Risks. This facilitates "having the tools to get an onerous, difficult, but necessary job done." There is no need to answer over 30 questions and then begin Risk Mitigation without a plan. The HIPAA Survival Guide not only has Expresso® to identify risks but also a HIPAA Implementation Plan and over 30 tools to mitigate risks.
Nevertheless, a Risk Assessment is only the first step toward compliance, and it’s important because this is where the “real fun” starts. Once risks are identified, organizations develop their Risk Mitigation processes, procedures, and tracking mechanisms to guard against the impact of unmitigated risks. The HIPAA Survival Guide has over 30 products, training, videos, and webinars for customers, with monthly newsletters and FAQ documentation to climb the learning curve rapidly. Just by watching the videos and participating in webinars, one customer said it was like receiving a “college education” in Regulatory Compliance. “Webinars are outstanding!” One can even become a HIPAA Certified Professional (HCP), sponsored by 3Lions Publishing, Inc. and the HIPAA Survival Guide.
Yes, HIPAA compliance is a complex topic. However, before you begin to assess and mitigate risks, it makes sense to obtain a basic understanding of what is required. Once you identify the objective, it is certainly easier to achieve the desired outcome. One customer said, “Expresso® and the HIPAA Survival Guide’s products are a complete deal – the whole package.” We claim that clients can produce a Risk Assessment in 3 hours or less, and it is true! Once you understand where you’re going, and are in possession of an easy-to-read map and a guide, you'll get there fast. “Expresso®’s documentation was so easy to read that I could report my progress right away. For me, that is worth a lot.”
Another important fact is that Expresso®, and the many products on the HIPAA Survival Guide website, were designed and developed by Carlos Leyva, Esq. of the Digital Business Law Group, P.A., a renowned lawyer with deep HIPAA knowledge. Carlos dove into the HIPAA Regulations to develop products for HIPAA Compliance and to design Expresso® to support Covered Entities and Business Associates.
As a bonus to Expresso® and the HIPAA Survival Guide Risk Mitigation products, a number of customers have retained Carlos Leyva, Esq. as legal counsel to help guide their HIPAA compliance mission with his fixed fee HIPAA Jumpstart offering. There are very few consultants with a lawyer’s level of HIPAA regulatory knowledge. Our customers say this has given them greater confidence as they develop their HIPAA compliance repository. Shirleen Sando, a HIPAA Survival Guide customer, says “If you want to learn, it’s there… the whole package; from Risk Assessment to Risk Mitigation with educational steps along the way. I recommend Expresso® and the HIPAA Survival Guide’s Risk Mitigation products to anyone.”
Contact support@3lionspublishing.com for more information.
Posted at 09:37 AM in Health IT, Healthcare, HITECH / HIPAA, Internet Resources | Permalink | Comments (0)
Looking for a simplified way to keep up with HIPAA? For a limited time, we are making available our "Showing HHS Visible, Demonstrable, Evidence" webinar when you sign up for our FREE monthly newsletter.
Posted at 03:23 PM in Current Affairs, Health IT, Healthcare, HITECH / HIPAA, Web/Tech | Permalink | Comments (0)
Tags: HIPAA, ransomware
Recently, the Digital Business Law Group P.A., Carlos Leyva, Esq., began providing legal assistance to customers of the HIPAA Survival Guide.
Posted at 11:54 AM in Health IT, Healthcare, HITECH / HIPAA, Internet Resources | Permalink | Comments (0)
A Risk Assessment is a process by which an Organization identifies: (1) Threats to the Organization (i.e. to its Operations, Assets, or Individuals); (2) Vulnerabilities internal and external to the Organization; (3) The harm (i.e. adverse Impact) that may occur given the potential for Threats exploiting Vulnerabilities; and (4) The Risk associated with a specific Threat, Vulnerability and Impact combination.
Although a definition of Risk Assessment is helpful and required, we also need to clearly understand the cybersecurity context in which we all now operate. We have become jaded by the daily announcements of massive data breaches and their consequences. So much so that it appears that providing a hardened cyber defense may be a hopeless task. Expresso™ takes on this challenge head on by reducing the complexity associated with performing Risk Assessments.
Expresso™ is Software-as-a-Service ("SaaS") built upon industry best practices and a world class Risk Management Framework[1] developed by the National Institute of Standards and Technology (“NIST”)[2]. Expresso™ takes a complex problem and clarifies its implementation so that Risk Assessments can be readily understood by the masses, without the need for the masses to become information security professionals.
To learn more, visit the HIPAA Survival Guide Expresso™ Product page and watch the following Video.
[1] See generally NIST Special Publication (“SP”) 800-39, Managing Information Security Risk.
[2] NIST is the U.S. federal agency that publishes cybersecurity standards and guidance for U.S. Government (“Government”) agencies.
Posted at 08:16 AM in Health IT, Healthcare, HITECH / HIPAA | Permalink | Comments (0)