The Code of Federal Regulations (CFR) is the codification of the general and permanent rules published in the Federal Register by the departments and agencies of the Federal Government. It is divided into 50 titles that represent broad areas subject to Federal regulation. Each title is divided into chapters, which usually bear the name of the issuing agency. Each chapter is further subdivided into parts that cover specific regulatory areas. Large parts may be subdivided into subparts. All parts are organized in sections, and most citations to the CFR refer to material at the section level.
The solution provided by DGP addresses statutory requirements as defined in:
HIPAA/HITECH FEDERAL REGULATION 45 CFR § 164.308(a)(1)(ii)(B)
Risk Assessment and Gap Analysis
Risk Analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.
Data Guardian Pros delivers an Online Security Program ‘Gap Analysis’ designed to assist your dental practice in obtaining full compliance with the appropriate regulations, guidelines and/or best practice standards.
In today’s competitive, regulated and litigious marketplace, dentists need to adhere to best practices for risk management. Data Guardian Pros has the knowledge and expertise to provide you with a simple online workflow to improve your risk assessment process, provide a meaningful gap analysis, and recommend risk mitigation strategies, ultimately improving efficiency.
Our gap analysis comprises a series of questions across your dental practice and seeks to confirm that the practice adequately addresses the intent of each requirement. Each question is answered ‘Yes’, ‘Partly’ or ‘No’, with a justification for each ‘Yes’ or ‘Partly’ response and auto-suggested mitigation actions for each ‘No’ response. The identified gaps provide insight into the areas of your information security program that need to be improved.
The gap analysis process involves determining, documenting and obtaining recognition of the variance between the requirements set forth in the regulations and/or best practice standards and the organization’s current information security program. Once the gaps are identified, a remediation plan (call it “a treatment plan”) will be provided that both you and your current IT consultant can follow.