AN INTRODUCTION TO COMPLIANCE MANAGEMENT
Our goal is to simplify compliance
The Compliance Management Program is an intense process that ties in aspects of an OCR audit and all recurring action items required by HIPAA and HITECH, complementing your current compliance program. It is meant to take the place of a full-time compliance and security expert for a fraction of the price. We’re able to achieve these efficiencies in cost and process by using automation and other resources, including a highly-trained compliance and security team.
Running Exelegent’s Compliance Management Program will help your healthcare organization assess, achieve, and maintain compliance year after year.
Exelegent’s simple yet incredibly detailed approach to healthcare compliance management will allow your organization to meet and exceed all organizational compliance and security goals while keeping your budget in check. Our advanced KPIs and reporting give you action items and reports that you can use to drive the security and compliance strategy in your organization.
Trust is our top priority, so we hope you’ll see why we have achieved a 100% customer retention rate over the years and are trusted with petabytes of sensitive customer data. Referrals are available immediately upon request.
- Mock OCR Audit
Pass a mock OCR Audit using Exelegent’s expertise to advise and guide the process.
- NIST-Based Risk Analysis
Scalable, accessible, industry-standard NIST-Based Risk Analysis, run once a year or after major system or process changes. An enterprise risk management Risk Score is also included.
- Vulnerability Assessment
Clearly defined vulnerability assessment results with actionable risk mitigation activities every month or quarter, with a vulnerability remediation plan and process.
- Risk Mitigation Plan
Both a high-level and granular explanation of all risks identified during the risk analysis and vulnerability assessment or through a full compliance audit
- Employee and Business Associate Training
Exelegent uses its proprietary compliance training and testing platform, CertifyHIPAA.com, for employees and business associates to easily understand HIPAA
- Evaluation and Quarterly Risk Management Review
A quarterly update of compliance progress, including risks and your compliance status
- Documentation Review
With the help of our legal partners, Exelegent provides a comprehensive review of all HIPAA-related documentation
- Business Associate Review
Review of BAA, along with BA Risk Analysis questionnaire to understand risk posed by BAs
- Penetration Testing
Internal and external penetration testing to exploit vulnerabilities found during VA
- Breach Response
Immediate breach response capabilities, allowing you to mitigate any breaches within 30 days, as heavily suggested by HHS. Support following the breach is also provided until all risks are mitigated.
- Compliance Hotline
Creation of a 24/7 dedicated compliance hotline
- Security Reminders
Quarterly security reminders for employees, including mock phishing exercises
- Physical Audit
To test physical security and employee awareness, Exelegent compliance experts anonymously visit client locations and perform a compliance check. A detailed report is provided.
- Information Systems Compliance Management
Quarterly audits of information systems where PHI is stored, including proper permissions for users, are critical both to understanding your company’s compliance environment in your information systems and to effectively managing who has access to sensitive information. Includes:
• Review of EMR and Network User Permissions Audit
• Recovery from Backup Review
• EMR User Audit
• Network User Audit
• Operating System Patches
• Anti-Virus Audit
• Web Application Scan
• Firewall Security Audit
- Security Framework Support and Implementation
Exelegent’s technology, security, and compliance experts help you choose the best security framework to use in your organization. Once a framework is chosen and a project plan is created, we provide the guidance, management, and tools it takes to fully and successfully implement a scalable security framework.
- Security Operations Center
Our information security operations center (“ISOC” or “SOC”) is a facility where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended.