"ComplyAssistant’s cloud-based software solution allowed us to efficiently and effectively manage the entire compliance process, from assessment development and distribution through management of action items." --CIO, Cape Regional Health System
In the wake of several high-profile healthcare data breaches, cybersecurity trumps budgets for health system CIOs and CISOs in the year ahead. Bad actors are everywhere. And every healthcare provider must stay on top of any network connected device, information sharing loophole or other incident that may lead to a data breach.
Something as simple as a lost or stolen employee laptop can bring major consequences. ComplyAssistant’s healthcare incident reporting software offers the ability to track and monitor healthcare’s most notorious data breach culprits.
The HITECH Act requires HIPAA-covered entities to provide notification to affected individuals and to the Secretary of HHS following the discovery of a breach of unsecured protected health information (PHI). A "breach" is defined as "the acquisition, access, use, or disclosure of protected health information (PHI) in a manner not permitted under [the HIPAA Privacy Rule] which compromises the security or privacy of the protected health information."
Our incident reporting software tracks all types of complaints, issues, incidents, and more. And while it isn’t limited to healthcare, we’ve built a very specific risk assessment to determine the “probability of compromise” when incidents occur within a healthcare organization. This is unlike other incident management platforms.
When using our incident reporting software, a user-friendly questionnaire walks you step-by-step through determining an incident’s probability of compromise, as well as what’s needed to stay compliant when a breach incident is determined. This risk assessment was written by our attorney partner, further cementing the function’s adherence to legal compliance.
As a response within the questionnaire indicates a potential breach, further questions appear to determine the severity of the threat. If a breach is determined at the conclusion of the risk assessment, the software provides guidance on next steps and opens additional breach reporting fields within the incident under investigation.
For example, when more than 500 people are affected by an event, the media and the Department of Health and Human Services must be notified immediately. The number of people affected is a question in our questionnaire; if the answer is greater than 500, this would be among the suggestions you would receive.
First and foremost, incident tracking is required by HIPAA. Whether using our tool or not, all healthcare entities must have some tracking function in place.
As previously mentioned, our tool also allows you to manually build a task list of action(s) you need to take after an incident takes place, and tasks can be assigned to the team members responsible for handling them. This creates a paper trail to cover any questions that might arise down the road.
Finally, this software tracks non-breaches too. You can track all events in one place, streamlining the solutions you need to manage your business effectively.
Tell us a bit about yourself and one of our experts will contact you: