Healthcare Compliance Software

Our GRC solution is used for HIPAA and other information security frameworks such as HITRUST, NIST and PCI.

  • Manage any federal, state and local compliance regulation

  • Administer high volume third party vendor risk management programs

  • Manage by exception with filtering, alerts, notifications, and a simple user interface

Learn More

Healthcare Compliance Consulting

We focus on information security audits that cover all control standards, identify gaps, and deliver a holistic risk mitigation roadmap.

  • All audit results are delivered in our compliance management software portal, not a spreadsheet

  • Our consultants are seasoned subject matter experts, not juniors

  • We are engaged by clients across the country and can provide excellent referrals upon request

Learn More

Solutions
for
MSPs

Our software is used by managed service providers (MSPs) who provide general IT and HIPAA related services to their clients.

  • Using unstructured tools makes the management of client audits difficult

  • Provides your organization with a better way to manage your clients higher volume business associate audits

  • Manage your clients by exception with extensive filters, automated alerts, and notifications

Learn More
Healthcare organizations of all sizes trust ComplyAssistant.
Centra State Healthcare System
AtlantiCare Healthcare
Gnyha contracted reduced
St. Joseph's Healthcare System
Palisades Medical Center
Christian Health Care Center

Featured Press

Hacking Healthcare Event – Long Branch, NJ

Sept 13 – 14 2017 ComplyAssistant and Sensato Team Up To Host Hacking Healthcare Event on September 13th and 14th in Long Branch, NJ. The theme of the event this year is “the attacker’s perspective.” Over two days you will dive deep into the psychology of the attack, become intimate with emerging attack technologies and approaches, and dissect attack methodologies and the latest threat intelligence.

NJ HIMSS Free Webinar on Information Security Considerations in Regards to Population Health

Sept 21 2017 The webinar will focus on the evolution of Population Health, new technologies, and solutions that could impact information security, from IOT (internet of things) to the cloud, mobile devices to medical devices, personal apps and telemedicine, and more. It is a numbers game when considering increased risk from both internal threats and external attacks. Healthcare organizations must therefore conduct ongoing risk assessments to identify gaps and vulnerabilities that make identifiable health information prone to unauthorized access, both in transit and at rest.

ComplyAssistant And Sensato Executives to Speak On Information Security Risk Management During October 2017 NJ DV HIMSS Regional Conference

Oct 4 – 6 2017 ComplyAssistant CEO Gerry Blass and Sensato Vice President Mike Chirico to speak during the 10th annual NJ DV HIMSS Regional Conference. The presentation is entitled “Ingredients Of A Holistic Approach To Information Security Risk Management”.

Free Tools

Business Associate Agreement Template
Free

This is a Business Associate Agreement / Contract Addendum template for the requirements of the HITECH Act of 2009 in Microsoft Word format. Use it as a starting point and customize to meet the requirements for your business associates agreements.

HIPAA Privacy and Security Proactive Audits Tool Kit
Free

Contains recommended HIPAA Privacy and Security audits that your organization should consider implementing for policies & procedures, proactive information system activity review, and facility walk throughs.

HIPAA Facility Security Walkthrough Checklist
Free

Excellent guidance for auditing facilities that contain protected health information. Simply check the boxes and write notes as you conduct your walk-through audit.

Tips

Why Empowering the CISO is Important for Healthcare Information Security Risk Management

We are starting to see Chief Information Security Officers (CISOs) reporting outside of Information Technology (IT). This makes sense because the CISO needs to be able to audit the IT controls and give an unbiased report to senior management.

HIPAA-HITECH Security – Why Pay for “Nothing”?

We read about healthcare organizations that get fined by the OCR for basically doing nothing, meaning that they have a general lack of evidence of due diligence for HIPAA.

How to avoid HIPAA penalties based on some of the largest!

Reviewing some of the largest fines can help healthcare organizations learn how to avoid them should an incident occur. Many experts say that it isn’t IF an incident will occur, it’s WHEN.

Updates

Third Party (BA) Contract and Privacy and Security Risk Management

The HITECH-OMNIBUS final rule stepped up the requirements and for both CEs and BAs and both must now include the new requirements in their information privacy and security risk analysis and management program.

Office of Civil Rights Phase 2 HIPAA Audit Protocols

Based on prior statements from the OCR and their recently distributed survey, the pool of audit candidates will be approximately 800 to start. These randomly selected organizations will be chosen using the National Provider Identifier database and other external sources.

Workforce Risk and the Evolution of the Breach of Protected Health Information (PHI)

Who would have thought back in 1990 that someone in China or Russia or anywhere would be able to steal health information in a hospital in Anytown USA and even hold it for ransom.

Prepare and Protect.

Contact Us Today