info@xterralink.com (916) 608-9902 LiveChat

HIPAA Solutions

Safeguarding Your Information Assets

HIPAA IT Automated Security Compliance Module

HIPAA IT Automated Security Compliance Module

MedSecurePro™ HIPAA IT Automated Security Compliance Module is an agentless, light weight and easy to use application which any user (IT or non-IT) with access to administrator privileges can download and run (no software installation is required) on a designated machine (preferably a Domain Controller/Server - but any machine will do - with Wi-Fi card installed that have internet access).

The process to create a HIPAA IT Security Risk Assessment using the automated tool involves three simple steps:

  • Step 1: Local Full Scan & Remote Node Discovery
  • Step 2: User Selected Remote Full Scanning
  • Step 3: Generate HIPAA IT Security Compliance Reports (3 total reports)

Step 1: Local full Scan & Remote node Discovery:

Upon running the application, the tool automatically performs an initial but full scan on the local machine and performs Asset Discovery on all remote machines (e.g., windows desktops, servers, network devices, laptops, etc.) that are available on your private network. This is performed remotely, without any client or agent installation – provided that the remote machine satisfies scanning requirements and not blocking the request.

During this Asset Discovery Process (initial scan), the tool collects all software, hardware and security configurations asset information from the local machine and scans it against a full set of HIPAA IT Security requirements. Additionally, the tool provides a list of all discovered machines on your network that will be awaiting user’s selection to have the tool to perform a full scan.

Step 2: User Selected Remote Full Scanning:

If the user decides to scan one or more (or all) networked or remote machines, the tool will scan each selected remote machine sequentially against a full set of HIPAA IT security requirements.

Step 3: Generate HIPAA IT Security Compliance Reports (4 total reports):

Upon completion of any scan (local and/or remote), the tool automatically generates four (4) fully encrypted documents or compliance reports associated with the HIPAA IT security requirements.

The generated compliance reports (PDF format) are as follows:

  • Report 1: HIPAA IT Security Risk Assessment Report
  • Report 2: HIPAA IT Security Management Plan
  • Report 3: HIPAA IT Security Supporting Document
  • Report 4: HIPAA IT Security Asset Inventory Report

A comprehensive list of discovered vulnerabilities will be shown in the "HIPAA IT Security Risk Assessment Report." with an overall risk level (score) based on the guidelines in NIST SP 800-30,

  • Risk Management Guide for Information Technology Systems.

    The overall risk score is a composite score for all vulnerabilities found on the LAN (local and remote). We strongly believe that security is only as strong as the weakest link. Therefore, to eliminate or reduce vulnerabilities and thus reduce the overall risk score, all machines on your private LAN should be remediated for any gaps or vulnerabilities identified in the Risk Assessment Report.

    The HIPAA IT Security Management Plan is a special presentation of issues and risk by their criticality that the user will need to update on the status of his/her remediation plan and completion date (editable PDF form). The Management Plan provides guidance for which issues to address by priority. Overall risk is mitigated by fixing issues with higher risk scores first.

    A detailed mapping of each scanned computer against each requirement is found in the "HIPAA IT Security Supporting Document".