

HIPAA & CYBERSECURITY COMPLIANCE ASSESSMENT
VAGE offers an affordable and competitive package for the HIPAA and Cybersecurity compliance assessment for both small healthcare organizations and large hospital systems. The assessment process occurs in 3 simple phases:

1) After drafting a Security Assessment Plan (SAP), VAGE conducts a scheduled short on-site (office) visit to assess Operational, Management and Physical (virtual) controls implemented for the protection of healthcare data. The assessment is tailored to the State and Federal compliance checklist.

2) Five business days after the office visit, VAGE provides the client with a complete Security Assessment Report (SAR) that captures all compliant and non-compliant findings, with recommendations on fixing non-compliant findings.

3) Upon remediation of the non-compliant findings, VAGE will provide a Certificate of Compliance (CoC) that does not replace a State Audit, but indicates proof of due diligence in the event of an audit.
WHY SHOULD ORGANIZATIONS COMPLETE THIS ASSESSMENT?
In Virginia, healthcare providers are subject to both federal and state cybersecurity requirements to protect patient information and ensure system integrity.

Federal Requirements:
- Health Insurance Portability and Accountability Act (HIPAA): HIPAA mandates that healthcare organizations implement administrative, physical, and technical safeguards to protect electronic protected health information (ePHI). This includes conducting regular risk assessments, ensuring data integrity, and providing security awareness training to staff.
- Health Infrastructure Security and Accountability Act (HISAA): Proposed in September 2024, this federal legislation aims to establish mandatory cybersecurity standards for healthcare entities. It would require annual independent cybersecurity audits, stress tests, and the development of minimum cybersecurity standards for healthcare providers, health plans, and business associates. The bill also proposes increased penalties for non-compliance and funding to assist hospitals in meeting these standards.

Virginia State Requirements:
- Virginia Cybersecurity Regulation: Effective July 1, 2022, this regulation requires certain entities, including healthcare providers, to implement specific cybersecurity measures. Key provisions include:
  - Risk Assessment: Entities must conduct regular risk assessments to identify and address cybersecurity threats.
  - Reporting Requirements: Entities are obligated to report cybersecurity events to the Virginia State Corporation Commission (SCC) within specified timeframes.
  - Implementation Deadline: Compliance with these requirements was mandated by July 1, 2022.
- Virginia Hospital Community Cybersecurity Guidelines: The Virginia Hospital & Healthcare Association has developed guidelines to help hospitals and health systems protect against cyber threats. These guidelines provide best practices and recommendations tailored to the healthcare sector.

Healthcare providers in Virginia must adhere to these federal and state regulations to ensure the security and confidentiality of patient information.
Email us to learn more about this package: admin@vagesecurity.com