Cybersecurity Assessment Services Sample Clauses

Cybersecurity Assessment Services. A. HIPAA Audit Services 1. Conduct a thorough analysis of the current standing of County business practices in relation to the HIPAA Privacy Rule and the HIPAA Security Rule. This will include current County operations and policy status as compared to HIPAA Privacy and Security Rule standard (45 CFR §164.308, 164.310, 164.312, 164.314, 164.316) and specific remediation steps to correct potential violations. The Analysis will include all HIPAA connected offices and departments, related administrative policies and procedures, physical facility and office conditions, and information technologies in use by County. 2. Compare HIPAA Privacy and Security regulations with all California state security and confidentiality statutes and identify which state statutes are more restrictive than the federal law. 3. Conduct onsite visits of all involved agencies in order to evaluate physical structures to determine if building or space modifications are required to comply with HIPAA Privacy and Security regulations or other state privacy and security statutes. 4. Interview selected management and staff members regarding common privacy and security related practices within agencies and between agencies to include, but not be limited to, disposal, storage, and encryption practices or procedures. 5. Identify all information systems and communication networks that store, maintain, or transmit electronically-stored Protected Health Information (“ePHI”) and determine compliance with HIPAA Privacy and Security regulations or other state privacy and security statutes. 6. Evaluate the potential risks, including all associated potential financial costs (inclusive of, but not limited to, notifying the public of release of Protected Health Information (“PHI”) and other financial exposure), associated with how the different agencies collect, use, manage, house, disclose and dispose of information and evaluate options or changes to current practices in order to meet HIPAA Privacy and Security regulations or other state privacy and security statutes. Evaluate risks related to management, investigation and remediation of privacy and security breaches. 7. Analyze the current County physical and electronic PHI-handling and monitoring practices against the requirements of HIPAA Privacy and Security regulations and identify areas of non- compliance. 8. Review County procedures for release, disclosure and recording of health information for compliance with each of the following HIPAA Privacy ...