Healthcare IT Services

The HIPAA Managed Network

In the HIPAA era, new standards have been legislated that require constant care and feeding of the technology in any healthcare organization. It turns out that these standards are aligned with the Best Practices that Pit Crew IT Services promotes to all of its clients, not just those affected by HIPAA.

If one studies the HIPAA Security Rule, it is clear that, due to the ongoing monitoring requirements in the law, there is really only one IT solution to ensure HIPAA compliance – Managed Services. Managed IT services from Pit Crew IT are defined as a comprehensive suite of services provided by a team of IT pros, complemented by an extraordinary set of sophisticated monitoring and management tools, which can be delivered for a fixed monthly fee.

Doing what is necessary to keep the network running is no longer an acceptable performance standard for a covered entity. Even 99.9% uptime is not enough. There are a myriad of other requirements that combine to maintain an IT network in a continuing state of compliance.

For example, the first section of Administrative Safeguards in the HIPAA Security Rule, §164.308(a)(1)(ii)(D), states:

“Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.”

The only practical and economical approach to compliance with just this one section is Managed IT Services. Here’s why:

1. It would be physically impossible for one IT person to keep up with the rigors of this requirement. At some point that person will need to take a vacation, call in sick, or not work a weekend.

2. The cost to maintain compliance in an hourly break/fix service scenario is prohibitive.

3. There are only a handful of individual IT professionals with the Swiss Army knife skill set required to manage the complex technology of today. It takes a team.

Regardless of who is handling IT for you today and what business model they use, finding out just exactly where you stand is a HIPAA mandate.

How do you know if your network is a HIPAA Managed Network?

Risk Assessments

The medical community is well aware there are significant penalties available to HHS authorities for ‘willful neglect’ under the HITECH Act. And although practices are required to conduct a HIPAA Risk Assessment annually, many have not had their initial one.

This is somewhat understandable given the difficulty of breaking down the complexities of the legislation.

Fortunately for medical and dental practices in Texas, Pit Crew IT Services has developed a 39 Point Assessment to identify compliance deficiencies and provide remedial recommendations.

This invaluable program identifies exactly where you stand, what you need to do, and what it will take to comply with the law. The Assessment specifically addresses the following key provisions of the HIPAA Security Rule:

▪ Security Management Process
▪ Facility Access Controls
▪ Workforce Security
▪ Device and Media Controls
▪ Security Incident Procedures
▪ Contingency Plan
▪ Workstation Use
▪ Access Control
▪ Workstation Security
▪ Audit Controls

To schedule your HIPAA Risk Assessment or for more information on Managed IT services, call (210) 547-0305, option 2 or complete the form on the Contact page.