GSG Compliance assists you in the next steps:

1. Contract and partner with GSG Compliance to have a Security Risk Assessment (SRA) completed.

• The SRA is a comprehensive questionnaire that highlights existing and potential security and privacy violations. Every Covered Entity must have a Security Risk Assessment completed each year. Should an audit take place, the SRA will be the Covered Entity's main defense and the document that illustrates how the entity is protecting its PHI.

• We will assist you in completing the questionnaire. This may include working with the current IT Provider, EHR Vendor, and any other business partners that may have access to PHI or have an influence on your Covered Entity's security and privacy.

2. Have GSG Compliance run a remote Network Vulnerability Scan.

• This is a software scan of the practice's network that alerts you to any vulnerability in its various hardware components, portals, access points, etc.

• GSG Compliance will provide you with a summary of the results.

3. Update or create Business Associate Agreements.

• As a Covered Entity (CE), any business associate or partner that has access to patient information must have a completed Business Associate Agreement that includes the Omnibus rules in effect as of 2013.

• Some examples of common business associates to a medical practice are: IT Vendors, EHR/PM Vendors, EDI Vendors, Billing Partners and Transcription Companies.

• GSG Compliance will help you determine which of your business associates need to have Business Associate Agreements.

4. Update or create Information Security Policies.

• A Covered Entity must have written, HIPAA-compliant Information Security Policies.

• GSG Compliance will assist in reviewing existing policies and recommend any additions or modifications needed to make sure the Covered Entity is compliant. This may require staff training and the need to address other areas.