How can Chel-Mikk assist your business with HIPAA/HITECH compliance.

Risk Analysis and Management

A risk analysis process includes, but is not limited to, the following activities:

1. Evaluate the likelihood and impact of potential risks to e-PHI.
2. Implement appropriate security measures to address the risks identified in the

    risk analysis.
3. Document the chosen security measures and, where required, the rationale for 

    adopting those measures.
4. Maintain continuous, reasonable, and appropriate security protections.

Risk analysis should be an ongoing process: (A service provided by Chel-Mikk)

1. The covered entity regularly reviews its records to track access to e-PHI and detect

     security incidents.
2. The covered entity periodically evaluates the effectiveness of security measures

     that have been put in place.  This includes updating these security measures.  

3. The covered entity regularly reevaluates potential risks to e-PHI. Physical Safeguards

     Facility Access and Control. A covered entity must limit physical access to its facilities

     while ensuring that authorized access is allowed.  


Workstation and Device Security.

1. A covered entity must implement policies and procedures to specify proper use of and

    access to workstations and electronic media.

2. A covered entity also must have in place policies and procedures regarding the

    transfer, removal, disposal, and re-use of electronic media, to ensure appropriate

    protection of electronic protected health information (e-PHI).

Technical Safeguards

Access Control. A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).

Audit Controls. A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.

Integrity Controls. A covered entity must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.

Transmission Security. A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.   

Chel-Mikk provides services to cover all areas of HIPAA/HITECH Compliance.




Print Print | Sitemap
© Chel-Mikk Computer Services Corporation