We understand that many small HIPAA-Covered Entities or Business Associates have limited resources to invest in their patients' (or their own) protection. For these organizations, we offer a One-Time HIPAA Compliance package. This package includes:

• HIPAA Policy and Procedures Document
• HIPAA Risk Analysis
• HIPAA Management Plan
• Evidence of HIPAA Compliance

These core documents will help you meet your responsibility of having an audit conducted.

Conducting a comprehensive Risk Assessment is one thing, but that really should not be the "end" for your HIPAA compliance… It should be the "means" to the end. Your assessment is more-than-likely going to uncover a number of issues that need to be addressed.  Some of these issues may be nothing more difficult than learning how to password-protect your desktop and screensaver.  But others could be much more serious and involved, like changing the data back-up and recovery program or reconfiguring your network firewall and other security settings.  We will provide a Risk Score Matrix that will prioritize the work that should be done based upon potential impact to your business and likelihood of occurrence.  You will have the option to sign up for a Remediation Project that will address those issues that carry the highest risk, and highest fines.

Organizations are not static, nor are their networks.  New computers, software, mobile devices, equipment and files are continually being added onto the network throughout the year.  And even with a relatively stable IT environment, most organizations' employees come and go, and change positions within the organization at a regular rate. A HIPAA assessment performed today has a "shelf-life." How long really depends on a number of factors, including the type of the business, size of the organization, and speed of change.

Best practice is to have a HIPAA assessment performed at some regular interval (but no less than once a year as required by law) to ensure that the organization is not only compliant at the time of the Risk Analysis – or upon completion of the follow-on remediation project – but that it REMAINS compliant at all times.

After your initial assessment and remediation project is complete, we set you up with a schedule of periodic re-assessments, which we call WorryFreeMD Monthly Risk Profiles, to ensure continued on-going compliance.

We provide a full WorryFreeMD HIPAA Compliance Risk Assessment as a value added component of our comprehensive WorryFreeMD managed services contract. The value of our WorryFreeMD Assessments go well beyond just HIPAA Compliance.