GSG Compliance assists you in the next steps: 

1.     Contract and partner with GSG Compliance to have a Security Risk Assessment (SRA) completed.

• The SRA is a comprehensive questionnaire that highlights existing and potential security and privacy violations.  Every Covered Entity must have a Security Risk Assessment completed each year.  Should an audit take place, the SRA will be the covered entities main defense and what illustrates how the entity is protecting its PHI.


• We will assist you in completing the questionnaire.  This may include working with the current IT Provider, EHR Vendor, as well as any other business partners that may have access to PHI or have an influence on your Covered Entity's security and privacy. 

2.     Have GSG Compliance run a remote Network Vulnerability Scan. 

• This is a software scan of the practice's network to alert you to any vulnerability from various hardware components, portals, access points, etc. 


• GSG Compliance will provide you with a summary of the results. 

3.     Update or create Business Associate Agreements. 

• As a Covered Entity (CE), any business associate or partner that has access to patient information must have a completed Business Associate Agreement that includes the new Omnibus rules in effect as of 2013. 


• Some examples of common business associates to a medical practice are:  IT Vendors, EHR/PM Vendors, EDI Vendors, Billing Partners and Transcription Companies. 


• GSG Compliance will help you determine which of your business associates need to have Business Associate Agreements.

4.     Update or create Information Security Policies. 

• Covered Entity must have written and HIPAA compliant Information Security Policies.


• GSG Compliance will assist in review of existing policies and recommend any additions or modifications to make sure the Covered Entity is compliant.  This may require staff training and the need to address other areas. 



Get Started

If there is any way we can help you, please contact us:

GSG Compliance, LLC
2300 Lakeview Parkway, Suite 700
Alpharetta, GA 30009
877-828-8809 (fax) 

As a covered entity, you are responsible for making sure that efforts are being made to protect and secure PHI.