Posted Date : August 06,2019
Product (RFP/RFQ/RFI/Solicitation/Tender/Bid Etc.) ID : EXTRA-6136
Government authority located in Boone, North Carolina; USA based organization looking for expert vendor for HIPAA consulting service.
[A] Budget: Looking for Proposals
[B] Scope of Service:
(1) Vendor needs to provide HIPAA privacy and security gap analysis and prepare a written report that includes specific prioritized short and long-term recommendations for HIPAA privacy and security compliance for each campus covered entity and for the University to the government authority located in Boone, NC.
▪ Identification and verification of University covered entities.
▪ Administration policies and Procedures in all HIPAA covered entities, connected offices and departments
▪ Physical facility and office conditions in all HIPAA covered entities, connected offices and departments.
▪ Information technologies in use by all HIPAA covered entities, connected offices and departments
o Conduct onsite visits of all involved branches/programs in order to evaluate physical structures to determine if building or space modifications are required to comply with HIPAA Privacy and Security regulations.
o Interview selected management and staff members regarding common privacy and security related practices within branches/programs and between branches/programs to include, but not be limited to, disposal, storage, and encryption practices or procedures.
o Interview selected IT and covered entity staff members
o Identify all information systems and communication networks that store, maintain, or transmit ePHI and determine compliance with HIPAA Privacy and Security regulations.
o Evaluate the potential risks (to include the cost of failure related to privacy or security breaches and related public communication costs) associated with how the different divisions/programs collect, use, manage, house, disclose and dispose of information and evaluate options or changes to current practices in order to meet HIPAA Privacy and Security regulations.
o Review the University incident response plan including reporting and response practices, procedures and policies for sufficiency for HIPAA related requirements.
o Review University Human Resources policies, procedures and practices for HIPAA Privacy and Security compliance, including the review of all HIPAA-related agreements for new hires, student/faculty practitioners, research agreements, volunteers etc.
o Conduct a Cost-Benefit-Risk evaluation on any options that may limit or reduce the number of University CEs via changes to billing and remuneration for services.
o Provide a list of prioritized actions needed to address any identified deficiencies including an assessment of required effort and resource recommendations in terms of staffing, technology, or other elements required to address aforementioned actions and objectives.
(2) A mandatory pre-proposal conference will be held on August 15, 2019.
(3) All question must be submitted no later than August 15, 2019.
[C] Eligibility:
Onshore (USA Only)
[D] Work Performance:
Performance of the work will be Offsite. Vendor needs to carry work in their office location.
Budget :
Deadline to Submit Proposals: August 23,2019
Cost to Download This RFP/RFQ/RFI/Solicitation/Tender/Bid Document : 5 US$
![]()
Product (RFP/RFQ/RFI/Solicitation/Tender/Bid Etc.) ID : EXTRA-6136
Government authority located in Boone, North Carolina; USA based organization looking for expert vendor for HIPAA consulting service.
[A] Budget: Looking for Proposals
[B] Scope of Service:
(1) Vendor needs to provide HIPAA privacy and security gap analysis and prepare a written report that includes specific prioritized short and long-term recommendations for HIPAA privacy and security compliance for each campus covered entity and for the University to the government authority located in Boone, NC.
▪ Identification and verification of University covered entities.
▪ Administration policies and Procedures in all HIPAA covered entities, connected offices and departments
▪ Physical facility and office conditions in all HIPAA covered entities, connected offices and departments.
▪ Information technologies in use by all HIPAA covered entities, connected offices and departments
o Conduct onsite visits of all involved branches/programs in order to evaluate physical structures to determine if building or space modifications are required to comply with HIPAA Privacy and Security regulations.
o Interview selected management and staff members regarding common privacy and security related practices within branches/programs and between branches/programs to include, but not be limited to, disposal, storage, and encryption practices or procedures.
o Interview selected IT and covered entity staff members
o Identify all information systems and communication networks that store, maintain, or transmit ePHI and determine compliance with HIPAA Privacy and Security regulations.
o Evaluate the potential risks (to include the cost of failure related to privacy or security breaches and related public communication costs) associated with how the different divisions/programs collect, use, manage, house, disclose and dispose of information and evaluate options or changes to current practices in order to meet HIPAA Privacy and Security regulations.
o Review the University incident response plan including reporting and response practices, procedures and policies for sufficiency for HIPAA related requirements.
o Review University Human Resources policies, procedures and practices for HIPAA Privacy and Security compliance, including the review of all HIPAA-related agreements for new hires, student/faculty practitioners, research agreements, volunteers etc.
o Conduct a Cost-Benefit-Risk evaluation on any options that may limit or reduce the number of University CEs via changes to billing and remuneration for services.
o Provide a list of prioritized actions needed to address any identified deficiencies including an assessment of required effort and resource recommendations in terms of staffing, technology, or other elements required to address aforementioned actions and objectives.
(2) A mandatory pre-proposal conference will be held on August 15, 2019.
(3) All question must be submitted no later than August 15, 2019.
[C] Eligibility:
Onshore (USA Only)
[D] Work Performance:
Performance of the work will be Offsite. Vendor needs to carry work in their office location.
Budget :
Deadline to Submit Proposals: August 23,2019
Cost to Download This RFP/RFQ/RFI/Solicitation/Tender/Bid Document : 5 US$