HIPAA Self-Directed Risk Assessment Successfully Implemented at Yoakum County Hospital


CynergisTek and Blass Consulting Provide Expertise and Affordable HIPAA Security Compliance Solution.

CynergisTek, Inc. and Blass Consulting, LLC, leaders in information security solutions, announced today the successful launch of the Self-Directed Risk Assessment Solution (“SDRA”) at Yoakum County Hospital. Yoakum County Hospital is a 24-bed rural hospital in west Texas.

Like so many smaller entities covered by the requirements of HIPAA Security, Yoakum was looking to ensure compliance with a solution that was affordable, provided subject matter expertise and could support ongoing compliance requirements. Smaller covered entities, particularly hospitals with fewer than 175 beds, have all the requirements of HIPAA but may not have the budget or the expertise internally to navigate the standards as they apply to their organization.

Many times, hospitals in this market segment simply cannot afford the fees associated with using independent consulting firms to perform a traditional, best-practice risk assessment. As a result, many attempt to use the “do-it-yourself” offerings without the guidance of a subject matter expert. Yoakum County Hospital found that with CynergisTek’s SDRA they were able to get the best of both worlds: the affordability of a do-it-yourself offering with the support of world-class information security and regulatory compliance experts knowledgeable in healthcare.

“Like most healthcare workers today, we wear many hats. It is difficult to find the time to focus enough attention to all the detailed requirements of the HIPAA security rule. The Self Directed Risk Assessment (SDRA) gave us a structured environment to work in and enabled us to complete our baseline HIPAA security risk assessment. The HIPAA ComplyAssistant software tool and tailored survey sessions provided us with the guidance we needed and automates our work plan management going forward,” said Diana Galvan, HIPAA Security Officer, Yoakum County Hospital.

The HIPAA security rule requires that a risk management program be implemented. The SDRA program includes a thorough and accurate risk analysis, periodic testing and ongoing auditing of security controls in a convenient subscription service. Accomplishing these tasks can be difficult for large hospitals, but for the smallest entities it may seem overwhelming. The SDRA provides tools, templates, surveys and testing to support in-house risk analysis efforts. The solution includes:

  • The “HIPAA ComplyAssistant” software tool license
  • Tailored Tutorials for the “HIPAA ComplyAssistant”
  • External security assessment on public facing systems
  • Internal security assessment on all networking devices for entities > 175 beds
  • Detailed listing of all vulnerabilities and risk exposure severity
  • Third party validation of in-house risk analysis efforts
  • Sample policy templates covering all 54 specifications within the rule
  • HIPAA ComplyAssistant electronic user’s group to facilitate exchange and feedback with peers
  • HIPAA Security helpdesk support for both HIPAA ComplyAssistant and remediation issues.

“We have completed our HIPAA security risk assessment and have a clear path to follow to address issues,” commented Clay Taylor, CEO, Yoakum County Hospital. “We also have the tools to demonstrate continued due diligence in compliance with the HIPAA security rule.”

CynergisTek has designed 3 SDRA programs for hospitals up to 300 beds. Fees are determined based on hospital size and range from $6,000 to $11,500 in the first year of the program. Ongoing annual subscription fees average around $5,000 for organizations that want to implement the SDRA as an ongoing compliance management and audit program.

“As with other unfunded governmental mandates, hospitals, clinics and physicians find themselves balancing budgets between compliance and care,” said Mac McMillan, CEO, CynergisTek. “The SDRA Solution tips the scales in favor of care, while providing a solution that keeps the entity in compliance and makes compliance achievable and affordable.”

About CynergisTek, Inc.

CynergisTek is an information technology consulting firm with specific focus on information security, network infrastructure, enterprise integration and regulatory compliance solutions for the healthcare, financial services, educational services and real estate industries. We bring meaningful and practical insights and guidance to our clients, we are disciplined in our methods, we are responsible stewards of our clients’ resources and we are generous in our service.

About Blass Consulting, LLC

Blass Consulting LLC (BC LLC) was formed in 2001 to provide healthcare consulting services and software to healthcare providers, clearinghouses and payers. Clients range from small practitioners to large providers, clearinghouses and payers. Blass Consulting provides healthcare entities with innovative software and professional consulting services which assist them in meeting their short-term tactical and long-term strategic goals and objectives with quality results.

Editor’s Note:

CynergisTek, Inc. is located at 8303 North MOPAC Expressway, Suite B-128, Austin, Texas 78759. For more information, please contact CynergisTek, Inc. via telephone (512) 402-8550; fax (512) 857-0700; or visit our website at http://www.cynergistek.com.



Contact Author

Kurt Somerholter