HIPAA Frequently Asked Questions

We have HIPAA under control, why do I need this?

Three very important reasons:

  1. It has built-in HIPAA expertise that most companies don’t have available, especially with changing regulations.
  2. You can complete your annual security risk assessment (required by HIPAA) more quickly. It will validate your cyber security and/or act as a check for any outsourced cyber security services (with your MSP or MSSP).
  3. You can now track your compliance across people (with our training), processes (with our updated policies and procedures), and technology (through our vulnerability scans), and manage business associates’ compliance in one place using your CyberCompass™ 12-month subscription.

  A recent survey showed only 19% of companies are managing and tracking their cyber risk and compliance, especially with vendors. Why? Most don’t have the expertise or the tools to monitor and manage across their organization. With CyberCompass™ you can become vigilant, relentless, and resilient towards cyber crime across your entire organization.

 

How do I activate my account? Do I have to download something?

Contact our partner, Third Rock.

CyberCompass™ is cloud-based.  You don’t have to download anything.

 

What is CyberCompass™ software and how does it work?

First of all, you don’t need to be a HIPAA or cyber security expert.

CyberCompass™ software translates government requirements into layman’s terms, doing most of the heavy lifting for the analysis. You start with your security risk assessment, an online survey that walks your broker or staff member through questions designed to determine your practice’s level of cyber security and compliance. CyberCompass™ includes a secure online vault where, as you complete the assessment, you can upload all your supporting documentation, or “body of evidence,” that you are required to maintain for 5 years.

Once you complete the survey (by the way, you will immediately meet one of the HIPAA compliance requirements), you will receive a report spelling out items that need to be addressed and how to correct them. It even prioritizes those items so you can focus on where you have critical vulnerabilities and non-compliance.

  

How long does it take to complete the assessment? Can I assign other employees to answer questions when I don’t know the answer?

You don’t have to be an expert to complete the assessment. The survey questions are written in layman’s terms and the answers are all in Yes/No/Not Available format. CyberCompass™ has a built-in library and references for each question so you can easily understand how it corresponds to the regulations. You can flag a question if you don’t know the answer. All the flagged questions are tracked. With CyberCompass™ you can assign a question or task to someone. They will receive an email with a deadline. All the responses are tracked in CyberCompass™. Without professional assistance, CyberCompass™ clients can complete the assessment in about three hours.

  

I have multiple entities, can I use CyberCompass™ with different locations and/or different departments?

We recently launched CyberCompass™ Enterprise, our latest update. It has a Task Management System (TMS) feature that lets consultants and client administrators assign tasks to client users who do not have an account on CyberCompass™, to drive faster responses. Our TMS features allow a secure link assignment to be emailed, giving the assigned user access to the specific task. Now the consultant can assign a survey from an assessment to either an internal or external user, using the TMS. The recipient will be assigned a deadline to answer the survey questions before receiving auto-generated reminders.

 

What do the results of the assessment show and what do I do with them?

Most clients of CyberCompass™ are surprised by the results of the assessment. The report, which can be kept confidential or shared with your managed service provider, often confirms the reality that 90% of breaches that happen every year come from very simple, easy-to-solve problems and not big-ticket items. Most clients discover they are not following the basics of securing client information and do not have a plan to reduce business disruption costs if a breach happens. CyberCompass™ gives you the ability to gain visibility into your vulnerabilities, outline the actions you need to take to improve your cyber security, and monitor your progress to increase your cyber resilience and compliance.

 

How does CyberCompass™ automate compliance?

CyberCompass™ automates most of the compliance requirements with a complete set of policies and procedures and all the compliance plan documentation. With CyberCompass™ you learn the basics of cyber security hygiene and incorporate them into your culture for better protection across people, processes, technology and vendors.