HIPAA Compliance Maintenance Program (HCMP)

The Administrative Safeguards provision of the HIPAA Security Rule requires covered entities to perform risk analysis as part of their security management processes. The rule also calls for maintaining continuous, reasonable, and appropriate security protections. Risk analysis should be an ongoing process, in which a covered entity regularly reviews its records to track access to e-PHI and detect security incidents, periodically evaluates the effectiveness of security measures put in place, and regularly reevaluates potential risks to e-PHI.

As an add-on feature to our online DIY HIPAA Compliance toolkit and HIPAA compliance consulting services, we offer the HIPAA Compliance Maintenance Program (HCMP).

HIPAA Compliance Maintenance Program Benefits Include:

1. HIPAA/HITECH assessment (includes SRA) report review and recommendations (Applicable only for online DIY toolkit customers)

Two-hour report review and recommendations by a certified EHR 2.0 compliance and security analyst. Additional hours, if needed, will be billed separately.

2. Semi-annual evaluations of risks and recommendations

3. CMS/HHS audit support guarantee
Audit guidance from a certified security professional to help you:
• Understand your CMS/HHS notice and answer all your audit-related questions
• Audit guidance from an experienced and certified security professional via email or phone
• Year-round answers to your audit questions
• Assistance with what to expect and how to prepare for the audit

4. Data breach risk assessment tool
Access to our web-based data breach risk assessment tool. Use it to quickly determine whether a security incident should be reported as a data breach per HIPAA Rule 45 CFR §§ 164.400-414. If a data breach does occur, this tool is designed to help you determine whether reporting the breach is required, as not all data breaches need to be reported to HHS.

5. Quarterly Security Vulnerability Scan Report

A quarterly security vulnerability scan report covering all your external-facing hosts. This scan will alert you to any external attacks by hackers on your ePHI and offer recommendations to mitigate the risks.

6. Staff training on HIPAA security awareness for up to 25 staff

7. Free access to informational webinars on HIPAA related topics by industry leaders

8. E-mail support for HIPAA security and privacy related topics

9. Quarterly security reminders for staff. Our reminders will discuss best practices for maintaining compliance and security of your practice staff.

What’s not covered by the CMS/HHS audit support guarantee?

The EHR 2.0 audit support guarantee does not cover:

• Legal advice
• Audit notices or letters received for previous work not performed by EHR 2.0
• Documents developed using non-EHR 2.0 toolkit/consulting services
• Reports that were prepared or submitted in violation of the EHR 2.0 End-User License Agreement
• Medical practices with more than 2 sites and 5 physicians (toolkit customers)

Visit the EHR 2.0 HHS/OCR audit support center to learn more about our audit advisory services.

EHR 2.0 has partnered with Qualys, one of the top vulnerability management platforms, to identify and evaluate potential threats in your network, then determine solutions and recommendations. EHR 2.0 adds our own insight that takes into consideration the unique needs of the healthcare industry.


To learn more about how EHR 2.0 can help you meet the ever-changing healthcare compliance landscape, call us today at 866-276-8309 or email us at info@ehr20.com.