HELP WITH HIPAA

OFMQ has been providing Security Risk Management solutions within the healthcare sector for over 10 years.

Specifically, OFMQ has helped covered entities and business associates comply with HIPAA Security Rule requirements by performing risk assessments, developing policies & procedures, delivering security awareness training, and providing full-service risk management support.  

OFMQ provides the following resources:

  • Risk Assessments

  • Policies

  • Procedures

  • Security Training

  • Security Reminders

  • Security Controls

  • Technical Consulting

  • Phishing

  • Personnel

We have helped thousands of providers in our region, across all settings of care, ranging in size from single physician practices to large enterprise health systems.  We have also aided organizations (Business Associates) supporting the healthcare sector that must comply with regulatory standards.

Through OFMQ’s initiative, organizations have been able to identify risks and develop risk management plans to avoid costly breaches.  Furthermore, organizations have utilized our tools to satisfy HIPAA requirements for various payment programs and to respond to breach investigations on behalf of the Office for Civil Rights (OCR).

Failure to perform an organization-wide risk analysis and failure to manage security risks are two of the most common HIPAA violations that have resulted in financial penalties.

Our Services

Security Awareness Training

Security Risk Assessment

Risk Management

Once your organization has performed a HIPAA risk assessment, you will need to work on your mitigation plan. In other words, you must interpret the findings of that report and develop a risk management program.

OFMQ can provide as much support as needed for this process, including:

  • Create HIPAA risk management team

  • Attend and/or facilitate HIPAA risk management meetings

  • Meet with key personnel and resource owners to provide technical guidance and recommendations for remediation activities

  • Development of formal strategies and timelines for corrective actions

  • Review of HIPAA documentation revisions

  • Review of HIPAA risk assessment remediation activities

Failure to manage identified risks is one of the most common HIPAA violations penalized by the Office of Civil Rights. OFMQ has helped organizations implement a formalized and continuous process for responding to and managing risks identified during the risk analysis.