Why Senior Care Organizations Should Get a HIPAA Security Assessment (HSA)

From caregiver mobile apps to “smart” homes, digital tools are becoming a necessity for seniors transitioning between types of care. As care goes more digital, it becomes more critical than ever for senior living organizations to protect their IT systems against data breaches and the costly HIPAA fines that come with them.

HIPAA Compliance in Senior Living 

The Health Insurance Portability and Accountability Act (HIPAA) is a government legislation designed to protect health-related data, ranging from employee information to patient records. HIPAA helps to hold U.S. healthcare organizations accountable for protecting data when switching from paper to electronic record systems.

Healthcare is going more digital by the day, particularly in senior care. Obtaining and maintaining HIPAA compliance is an ongoing cybersecurity role, which senior care organizations may consider outsourcing. At vcpi, we understand the unique HIPAA challenges in home health and assisted living, and how they differ from brick-and-mortar healthcare companies. For example, the Covered Entity must educate all employees, including home health workers, on how to remain HIPAA compliant. Home health employees who use their own devices are at greater risk of loss and theft. It is unsafe to allow personal device use for agency work unless proper security measures are implemented.

Vcpi HIPAA Assessment Services 

The scope of vcpi’s HIPAA Security Assessment (HSA) details the enterprise-wide administrative, physical, and technical controls that protect a company’s Protected Health Information (PHI) in multiple forms.

Typically, our team visits client sites and conducts phone calls to obtain information for the HSA, which includes their existing cybersecurity documentation. We analyze the technical, administrative, and physical security controls, assigning risk levels to each as well as recommendations for improvement. Our reports also present the client’s current compliance levels based on the HIPAA Security Rule and HITECH Act.

We present findings and recommendations on how to remediate risks to organizational management.

Note: These reports are not intended to make a statement or declaration on the client’s overall compliance with HIPAA Security Rule, HITECH Act, or any other applicable regulations. Compliance statements are the clients’ and appropriate regulatory enforcement authority’s responsibility.

Assessment Methodology 

Our HIPAA Security Assessment (HSA) leverages the HIPAA Security Rule and HITECH Act requirements to assemble a baseline of security control objectives.
Vcpi works with clients to perform the following:

  • Obtain necessary documentation
  • Complete assessment paperwork
  • On-site visits
  • Identify, discuss and follow up on findings

First, our team assesses the client’s existing documentation, including company policies, standards, procedures, and related Information Security governance documents. We record every piece that satisfies control objectives in the HSA.

After analyzing documentation, we meet with key client security representatives to discuss their security control environment. We typically conduct these discussions with the review and testing or remaining physical, technical, and administrative controls to measure their effectiveness.

Risk Ratings

After collecting and analyzing security control data, our team assigns risk ratings to each control. These findings explain the severity of the risk and potential impacts on the client’s business operations, information assets, and systems. The below graphic displays a typical outcome:


Cost is variable based on scope, industry, and related factors.

10 Best Practices for Secure Web Browsing for Senior Living Communities

We all know how easy it is to get distracted while surfing the web.  A related story here, a special offer there, and suddenly you’re running in a whole different direction from where you started. However, that seemingly innocuous link may prove to be a trap, divulging information you never intended to share. So it’s increasingly important you develop browsing habits that will help you improve the security of your online activities.

Below we’ve put together a list of simple recommendations that will significantly strengthen your browsing security.

The Benefits of a Digital Workspace


The importance of providing an effective digital workspace has been accelerated by the ongoing pandemic. This crisis has greatly increased the adoption of remote working, the use of mobile devices, and the need to provide your employees with a platform to easily and securely access the applications and information they need to collaborate on a daily basis. In addition, the unprecedented adoption and convergence of mobility, cloud, virtualization, and advanced cybersecurity technologies presents a challenging ecosystem for IT teams to maintenance and manage. Traditional workspaces are quickly becoming a thing of the past, while digital workspaces are becoming powerful competitive differentiators as businesses seek new levels of agility in their processes, and service delivery methods, while providing greater flexibility for their employees by optimizing the remote collaboration experience.

Announcing: Dan Bradford – HDI Brew City 2021 Analyst of the Year!

vcpi_email_HDI 2021 analyst of the year Dan BIn 2004 HDI, an international organization for technical support professionals, introduced the Analyst of the Year award. Each year, HDI works with their local chapters around the globe to identify the industry’s top first-level support analyst. Individuals who are nominated at the local chapter level compete with their peers locally, regionally, and globally for this prestigious award.  

How IT Plays a Big Role in Senior Living M&A

Our team works diligently to fully understand our senior care clients’ needs and strategic growth directions.  We strive to deliver solutions to clients before they need them, essentially, to skate where the puck is going, not to where it has been. For many years, we’ve provided technology infrastructure planning and reliable implementation for senior living clients that are pursuing mergers, acquisitions and divestitures. 

Physiatry in Post-acute Rehab in the age of COVID-19

SM_VP Friday Webcast_Gary

As part of Micah Hunt’s popular “Virtual Presentation Friday” event, vcpi’s Gary Jones joins Dr. Deborah Oranchak and Glen Rundell on January 22, 2021 from 11-12 EST for a live discussion focused on the role of physiatrists (physicians specializing in rehab and tele-rehab) in restoring functional ability and improving outcomes for those with physical or cognitive impairments or disabilities.

Don’t Fall For It!!!

Linkedin_SM_cybersecurityawarenessmonth2020_3Think that email offering a $5 Starbucks gift card is legitimate?  Received an email from the bank but didn’t expect it?  Is your healthcare provider asking for sensitive information via email?  Don’t fall for it! This technique is called phishing, and it’s a way hackers con you into providing your personal information or account data. Once your info is obtained, hackers create new user credentials or install malware (such as backdoors) into your system to steal sensitive data.

Argentum 2020 Senior Living Executive Conference

Linkedin_20200920 argentum Beau

Argentum‘s Senior Living Executive Conference is happening live online September 22-24. While we are disappointed that we will not be together in person, you can stop by our virtual booth to chat about your IT needs and challenges, learn about new services like telehealth, vCIO and register to win a tech assessment valued at $2,500!