Compliance as a Service (CaaS)

  • Ohio Safe Harbor
  • PCI
  • FTC Safeguard


The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides federal protections for individually identifiable electronic protected health information (e-PHI) held by covered entities and their business associates. It gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.

The main points associated with the requirements of your IT infrastructure are listed below. Compass Computer Group has helped many assisted living facilities, medical offices and dental practices with services and solutions that meet HIPAA requirements.

Administrative Safeguards

  • Security Management Process – Identify and analyze potential risks associated with e-PHI. Security measures must be implemented that reduce risks and vulnerabilities to a reasonable and appropriate level.
  • Information Access Management - Policies and procedures must be implemented for authorizing access to e-PHI.
  • Workforce Training and Management - Provide appropriate authorization and supervision of workforce members who work with e-PHI.
  • Evaluation - Perform a periodic assessment of how well its security policies and procedures meet the requirements of the Security Rule.

Physical Safeguards

  • Facility Access and Control – Limit physical access to its facilities while ensuring that authorized access is allowed.
  • Workstation and Device Security – Implement policies and procedures to specify proper use of and access to workstations and electronic media. A policy and procedures must be place regarding the transfer, removal, disposal, and re-use of electronic media, to ensure appropriate protection of e-PHI.

Technical Safeguards

  • Access Control – Implement technical policies and procedures that allow only authorized persons to access e-PHI.
  • Audit Controls – Implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.
  • Integrity Controls – Implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.
  • Transmission Security – Implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.


Ohio Safe Harbor

(Ohio Title 13 Chapter 1354 – Cybersecurity And Safe Harbor)

Ohio has instituted a Safe Harbor law (Nov 2nd, 2018). Should a covered entity seek an affirmative defense they will need to create, maintain, and comply with a written Cybersecurity Program. It must be modeled after an Ohio-approved cybersecurity program, adhere to governing laws agile enough to adapt to revisions made to the cybersecurity or law frameworks.