- Step 1: Local Full Scan & Remote Node Discovery
- Step 2: User Selected Remote Full Scanning
- Step 3: Generate HIPAA IT Security Compliance Reports (3 total reports)
xTerraLink was awarded a California State Board of Equalization enterprise-wide independent security architecture assessment contract. xTerraLink's unique Information Security and Privacy Assessment Framework, coupled with its experience, edged xTerraLink over its closest competitor.
In February, xTerraLink's President and CEO co-presented with Ms. Joanne McNabb, Director of Privacy Education and Policy, on security breaches and HIPAA privacy and security compliance at the Midwinter Sacramento District Dental Society.
In Feb. 2015, xTerraLink was awarded a subcontract agreement with the State Compensation Fund to help support the Fund's Information Security Program.
In Aug. 2015, xTerraLink was awarded a contract with the California State Auditor.
In Sep. 2015, xTerraLink's President was part of a subject matter expert panel on information security.
MedSecurePro™ HIPAA IT Automated Security Compliance Module is an agentless, lightweight and easy-to-use application that any user (IT or non-IT) with access to administrator privileges can download and run on a designated machine; no software installation is required. The designated machine is preferably a Domain Controller/Server, but any machine with a Wi-Fi card installed and internet access will do.
Upon running the application, the tool automatically performs an initial but full scan on the local machine and performs Asset Discovery on all remote machines (e.g., Windows desktops, servers, network devices, laptops, etc.) that are available on your private network. This is performed remotely, without any client or agent installation, provided that the remote machine satisfies the scanning requirements and is not blocking the request.
During this Asset Discovery Process (initial scan), the tool collects all software, hardware and security configuration asset information from the local machine and scans it against a full set of HIPAA IT Security requirements. Additionally, the tool provides a list of all machines discovered on your network, from which the user selects the machines the tool should fully scan.
If the user decides to scan one or more (or all) networked or remote machines, the tool will scan each selected remote machine sequentially against a full set of HIPAA IT security requirements.
Upon completion of any scan (local and/or remote), the tool automatically generates three (3) technical documents or compliance reports associated with the HIPAA IT security requirements.
The generated compliance reports (PDF format) are as follows:
A comprehensive list of discovered vulnerabilities is shown in the "HIPAA IT Security Risk Assessment Report", with an overall risk level (score) based on the guidelines in NIST SP 800-30.
The overall risk score is a composite score for all vulnerabilities found on the LAN (local and remote). We strongly believe that security is only as strong as the weakest link. Therefore, to eliminate or reduce vulnerabilities and thus reduce the overall risk score, all machines on your private LAN should be remediated for any gaps or vulnerabilities identified in the Risk Assessment Report.
The HIPAA IT Security Management Plan is a special presentation of issues and risks by their criticality. It is an editable PDF form that the user will need to update with the status of his/her remediation plan and the completion date. The Management Plan provides guidance on which issues to address by priority. Overall risk is mitigated by fixing issues with higher risk scores first.
A detailed mapping of each scanned computer against each requirement is found in the "HIPAA IT Security Supporting Document".