DigitalCare, Inc.
Health Care Information Technology Services

 

HIPAA Security Services

 

THE TIME TO START ON HIPAA SECURITY COMPLIANCE IS NOW!

 The HIPAA Security Rule has been finalized.  The compliance dates have been set.  Now is the time to start working on HIPAA Security Compliance. 

 DigitalCare, Inc. works exclusively with health care organizations regarding information and network security.  We have assembled a suite of information security tools and services that are tailored specifically for health care organizations.  Our approach to information security is based specifically upon the special responsibilities and liabilities faced by health care organizations.  Unlike thousands of “generalist” IT security companies that may be contacting you, the professional team at DigitalCare works every day on the front lines of health care operations.  We know the information security challenges and requirements that you face.

 Please contact us toll free at (877) 477-9297 or via email at jcollins@digitalcare.com for more information.

 

 

Security Perimeter Testing

Perimeter Testing is performed strictly over the Internet, primarily to determine the effectiveness of the firewall and any other perimeter security systems.  If there are vulnerabilities, they will be discovered through a variety of tools we use, which include Symantec's NetRecon network security probe, Nessus, or Internet Scanner from Internet Security Systems, in addition to other test utilities (ping, netcat, dig, nmap, etc.).  The discovered vulnerabilities and our recommendations for either removing them or minimizing them are reported in a detailed Perimeter Test report.

Security Internal Testing

Internal Testing involves both the Perimeter Test and on-site testing inside the firewall. The goal is to identify and assess the vulnerabilities associated with the network servers, user workstations, and network infrastructure systems, as well as the gateway routers and firewall systems. Test procedures are similar to those used in Perimeter Testing, with the main difference being the number of systems to be tested. Additional tools such as an Internet Security Systems Database Scanner may also be used.

 

Based on the overall findings, a report is provided describing the security flaws of networked hosts and devices, with recommendations for correcting them. During the on-site period we will provide limited assistance for correcting vulnerabilities discovered during the testing, which could include installing patches and hot fixes, hardening the operating system and application, or making configuration changes in cooperation with system administration personnel. Re-testing is performed as necessary.

Security Product Upgrades

We will upgrade your current system (firewall, VPN, or other Internet Security products) with the latest vendor releases or service packs, reconfigure your system, and test the upgraded system to ensure it is properly protecting your environment.

Security Gap Analysis

A gap analysis compares current operations and security precautions to the requirements mandated by the Final HIPAA Security Rule.

DigitalCare, Inc. has extensive experience conducting HIPAA Gap Analyses for health care organizations.  Outsourcing this process provides your organization with current expert opinion on the steps you need to take to comply with HIPAA.

This comprehensive security analysis includes a baseline inventory of your current policies, procedures, systems and forms. 

The deliverables for DigitalCare’s Gap Analysis include:

1.      A completed Gap checklist for your organization

2.      An Inventory of Information Systems

3.      A Security Risk Assessment

4.      A Physical Security Review

Security Assessment

Our Internet Security Assessment is an on-site service which evaluates your Internet Security requirements, analyzes your environment and Internet usage requirements, recommends a solution that will provide you with the security you need, and provides you with a budgetary estimate for implementing the recommended solution.  Our assessment includes development, presentation, and delivery of our Assessment Report.

 

Data and Applications Criticality Analysis

This analysis, required under the HIPAA Security Rule, will assess and rank the relative importance of specific applications, systems and data within your organization.

Contingency Planning

DigitalCare will conduct an onsite evaluation of your current information systems practices and design a comprehensive contingency plan for your organization. 

Deliverables will include the following specific documents necessary to comply with the HIPAA Security Rule:

  1. A Data Backup Plan
  2. A Disaster Recovery Plan
  3. An Emergency Mode Operation Plan

 

Policies and Procedures Development

The final Security Rule requires that Covered Entities produce over 35 policies, procedures and plans.  Producing these documents in-house is costly, time-intensive and unnecessary.

DigitalCare staff members can perform an on-site audit of your current policies and write new policies that are both HIPAA-compliant and specific to your organization.

In addition, we have electronic templates of all HIPAA mandated security policies, procedures and plans available for purchase. 

Data Backup and Storage

DigitalCare provides off-site data backup and storage services that comply with HIPAA Security Regulations.

Depending upon your organization’s needs, we provide hardware, software and backup service via tape, disk and remote server updates.

This storage option includes the following benefits:

1.      No capital costs – hardware, software or media

2.      No maintenance costs

3.      Flexible growth as data increases/decreases – no need to plan for future hardware or have unused hardware

4.      Monitored 24x7 by storage professionals – notification of any system failures

5.      Automatically stores data offsite – disaster recovery issues

6.      Best of breed technology partners (Cisco, Sun, StorageTek, CommVault)

Periodic Security Reminders

The final Security Rule requires that organizations periodically remind technology users of security issues that they might encounter.

DigitalCare’s subscription-based service will email each of your staff members regarding current security issues.

This one-page email is sent on a monthly basis to health care organizations across the country, and is designed to keep health care providers knowledgeable about current security threats they may face.

VPN Configuration/Implementation

We will configure, implement, and test virtual private networking capabilities for your entire enterprise.

Security Installation Services

Security application software comes with only the basic configuration.  We pre-configure these systems in our Internet Security Laboratory to take advantage of the wide array of tools and features available.

In addition, during the pre-configuration process, we use our lab to thoroughly check your system prior to integrating it into your existing environment and to minimize the impact to your on-going operations.

Once the pre-configuration is complete, we integrate the system into your existing environment, complete the configuration process, and perform the appropriate tests to ensure it satisfies your requirements. We test your system using Symantec's NetRecon network security probe, in addition to various utilities (netcat, ping, dig, nmap, etc.).

Security System Reconfiguration

Our security engineers will reconfigure your security application (firewall, intrusion detection system, etc.) to support additional services, enhance your current services, and then test the reconfigured system.

Security Training

DigitalCare provides comprehensive training programs that include instructor-led, computer-based, online and video training.

 We have trained over 5,000 health care providers on HIPAA.

 DigitalCare’s HIPAA Security Specific Courses Include:

1.   HIPAA Analysis, Implementation and Compliance - DigitalCare will take members of your organization through a step-by-step guide on how to analyze, implement and comply with each of the HIPAA Security Standards. Through interactive instruction and participation, participants will learn how to conduct organizational self-assessments, perform a gap analysis, and develop an implementation plan that will lead to HIPAA compliance for your organization.

2.   HIPAA Security Workforce Training – HIPAA requires that a covered entity's entire workforce receive awareness training that explains HIPAA security standards, and describes organization-specific policies and procedures. During these courses, members of your workforce are trained to understand the specific steps that YOUR organization is taking to meet HIPAA compliance.

3.   Security User Education – HIPAA requires that all technology users undergo education regarding passwords, virus protection and other security issues.  DigitalCare’s security user education course can be delivered either in-person or online.