Medicus Solutions HIPAA Security Customer Edition

This communication is being sent to our current Medicus Solutions clients only. Please take a moment to read the entire email (5-10 minutes) as it relates to the HIPAA security of the practice. This is being sent to only the 'primary contact' on the practice's account with Medicus, thus please forward to the practice's HIPAA Privacy & Security Officer or appropriate person if you do not know who that is.

As communicated a week ago in our first Medicus Solutions HIPAA Security Series article volume 1, click here for article , we have continued to stay ahead of changes and requirements revolving around the HIPAA Security Rules (Omnibus Ruling).

A majority of our practices rely heavily on the Medicus team to provide them with information on the security rules. We have attended dozens of seminars, webinars, and read through the rules in depth. We have taken this further to consult with a number of HIPAA compliance organizations and industry attorney experts and havecome to the conclusion there is a lot of different information out there and it can all be very confusing. How is a practice supposed to make heads or tails of the confusion? That is where Medicus can help.

Medi-HIPAA Pack 1

We are committed to providing our practices the best help through the HIPAA compliance process. This is the first step to helping put some of the security rule concerns behind you.

Best of all, the Medicus Medi-HIPAA Pack 1 is included in your standard monthly support agreement at no extra charge.

The Medicus Solutions team will be rolling out the Medi-HIPAA Pack 1 for all clients in alphabetical order from A-Z starting the week of August 19th. During the rollout process, we will reach out to each practice prior to making any changes in your environment, review the recommended changes with you, review any potential impacts to expect, and request that you communicate the changes to your team prior to the changes being made.

Below is a high level listing of what Medi-HIPAA Pack 1 includes:

- Remote Access Policies
- Password Enforcement Policies
- Security Audit Policies
- Network Security Policies
- Computer Lockouts Policies
- Computer Screensaver Policies
- Removable Storage Access Policies
- Terminal Server Session Lockouts Policies

- Quarterly Security Log Review
- Quarterly User Access Review
- Annual Assistance w/ Risk Assessment
- New User Request Forms
- Terminated User Request Forms
- Wireless Network Security Policies
- Hard Drive Shredding Services + Certificates of Destruction¹

Additionally to help with your HIPAA compliance requirements, we will be send the practice's documented HIPAA Privacy & Security contact a number of reports with information for you to electronically store. Save these and update your HIPAA Security & Policy Manual Logs that you received/reviewed this information:

Monthly Antivirus Report
Monthly Computer/Server Patch Report
Quarterly Active User Report
Weekly Backup Report²

Again, the Medi-HIPAA Pack 1 is FREE for all Medicus Practice++ customers; just one more way that we continue to show our dedication to our customers and helping you mark one more item as

Medi-HIPAA Pack 2

Over the past few months, Medicus Solutions has been testing a number of logging software packages and vulnerability scanners. We have purchased the SonicWALL Global Management System (GMS) which provides for central management of firewalls. Additionally we have selected a couple different solutions for vulnerability scanning and network mapping.

With the HIPAA Security Rules, there are items which specifically address backup testing, network mapping, system user logging, network monitoring, and even vulnerability scanning. These are all items which the Medi-HIPAA Pack 2 is intended to address. The Medi-HIPAA Pack 2 is intended to be in addition to Medi-HIPAA Pack 1 to help close the gaps of security and monitoring. Below are the items which:

Firewall Security Monitoring and Review
Firewall Firmware updates³
Backup Testing²
System Vulnerability Scanning (Annually)
Network Mapping
Monthly Firewall Reporting; includes:³

- Data usage
- Application Usage
- Web Activity
- Web Filtering
- Intrusion

- Gateway Antivirus
- Gateway Spyware
- Gateway Attacks
- Up/Down Status
- VPN Access Usage
(SonicWALL VPN Usage)

Both the firewall management license and vulnerability scanning have annual costs associated with them. Since 90% of our customers are ambulatory healthcare facilities we have negotiated a large purchase of the SonicWALL GMS management licenses as well as vulnerability scanning licenses. Both of these are per firewall / public IP address to be managed or scanned. We have worked with some of our clients and solicited feedback on the best way to roll this out to practices to make it cost effective and feasible for them to implement these solutions. Instead of charging a large upfront cost to practices each year, we have decided to provide this on a monthly basis and cover the upfront capital investment on our end.

The cost is for Medi-HIPAA Pack 2 is $49 per customer per month (including 1 location) and $30 per month for each additional location. We will be sending out an electronic proposal customized to each practice by the end of the week and will begin to roll this out to practices on a first come, first serve basis upon receipt.

Note: While the following information will be sent out in the HIPAA Security Article Series, vulnerability scanning is not only a HIPAA Security requirement; however is a requirement under CORE requirement 15 of the Meaningful Use Requirements for reimbursement.

¹ We have a HIPAA Business Subcontractor Agreement in place with our destruction company for both our clients and our own protection under HIPAA requirements.

² Requires Datto backup device with offsite backup and disaster recovery. Additionally Medicus Solutions has a HIPAA Business Subcontractor Agreement in place with Datto Backup for both our clients and our own protection under HIPAA requirements.

³ Requires SonicWALL firewall with current security subscription

August 2013
HIPAA Security Article - Customer Edition
In this issue:

	Medi-HIPAA Pack 1
	Medi-HIPAA Pack 2
	Need Some Extra Cash
	Cartoon & Did You Know

Need Extra Cash?

Medicus wants to provide you a little extra cash.

How you ask?

Well that is simple, simply like on the link below to refer another practice to us. When the practice signs up for the Medicus Solutions Practice++ Support, we will send you an American Express Indulge Gift Card!

Medicus Solutions Referral Program

Click Here to Refer a Practice!

Laugh a Little

Did You Know?

Did you know that Medicus Solutions offers the following:

e-Mail Hosting (Exchange)
Secure e-Mail
Cloud Hosting
Backup Solutions
Telecom
(Phone / Internet Services)

Medicus Solutions, Inc.
3780 Mansell Rd, Ste 250
Alpharetta, GA 30022
678-495-5900
www.msinc.com

[unsubscribelink]