How Mana Security Can Your Organization Become HIPAA Compliant HIPAA Overview Small Health Organizations - Compliancy Date: April 14, 2004 Ongoing Compliancy Maintenance The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted as part of a Congressional healthcare reform. HIPAA mandates, among several other regulations, a minimum level of IT security requirements for protecting electronic patient health information. These standards are designed to improve efficiency and protect the security and confidentiality of electronic individual patient health information. HIPAA is an enterprise-wide issue and is not the solitary responsibility of the IT department. There are regulatory, legal, process, training, security and technology facets of each of the rules governing HIPAA that must be analyzed and evaluated before an implementation plan can be put in place and compliance achieved. While HIPAA provisions do not specify the manner in which information is secured, the regulation does put forth an “Administrative Simplification” of the security requirements. All entities, regardless of size, involved with electronic health information pertaining to an individual must incorporate at least a minimum level of security features into their operations. The HIPAA regulations are impacting healthcare in five major areas. Standard Transactions Standard Code Sets Uniform Identifiers Privacy Standards As required by HIPAA, the Standards for Privacy of Individually Identifiable Health Information (a.k.a. Privacy Rule) covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically. Most covered entities must comply with the Privacy Rule by April 14, 2003. Small health plans have until April 14, 2004 to comply with the rule. Mana Security’s HIPAA-Safe provides health-care organizations with a comprehensive, affordable solution towards HIPAA compliancy while improving efficiency, protecting the security and confidentiality of patient information and ensuring a positive return on investment (ROI). The following sections address each of the minimum security features of HIPAA and indicate how Mana Security’s HIPAA-Safe address these requirements: Administrative Procedures to Guard Data Integrity, Confidentiality, and Availability Physical Safeguards to Guard Data Integrity, Confidentiality, and Availability Technical Security Services to Guard Data Integrity, Confidentiality, and Availability Technical Security Mechanisms to Guard Against Unauthorized Access to Data That is Transmitted Over a Communications Network Mana Security works with health care organizations of all types by offering extensive health care security solutions, cost-effective for organizations of all sizes. Flexible packages ranging from total network security management to singular consulting services are available. Contact us for information about how Mana Security’s HIPAA-Safe can develop a solid security foundation and achieve compliancy by April 14, 2004. Mana Security also offers ongoing HIPAA Certification maintenance by updating and providing the following services: 24x7x365 Firewall Monitoring & Management* Content Filtering* Vulnerability Scanning* E-mail Filtering* High Availability* Security Policy Information access control* Security Policy Training (for the IT Administration & Support Staff and non-IT employees) Security configuration management Security plan, rules, procedure documentation Hardware/software installation & maintenance review and testing for security features Inventory Ongoing Security Testing Virus checking* Recurring Risk Analysis Physical access controls Security Procedure Update Access Control Emergency Access Control* Context-, Role-, and User-based access Encryption* IPSec VPN* Authentication* Audit Controls Authorization Control Entity Authentication Communications/Network Controls* (*Note: Mana Security can provide your organization with an option to include these in a managed solution.) Mana Security delivers a suite of cost-effective solutions that can meet the requirements for ensuring HIPAA due diligence. Mana Security delivers a series of flexible protection packages that provide a solid security foundation for healthcare professionals, ranging from comprehensive network security management to singular consulting services. These solutions can be deployed today helping to make patient privacy and information access a valuable client service and key market differentiator, not just a cost obligation. Contact us for more information regarding Mana Security’s flexible HIPAA-Safe Ongoing Compliancy Maintenance Program.