Browse
Search
2022-223-E-Health-TEGO Data Security, LLC-Conduct HIPAA security risk analysis
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2020's
>
2022
>
2022-223-E-Health-TEGO Data Security, LLC-Conduct HIPAA security risk analysis
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
6/16/2022 3:48:51 PM
Creation date
6/16/2022 3:48:36 PM
Metadata
Fields
Template:
Contract
Date
6/2/2022
Contract Starting Date
6/2/2022
Contract Ending Date
6/16/2022
Contract Document Type
Contract
Amount
$6,500.00
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
19
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Tego Statement of Work <br />1.GOALS AND OBJECTIVES <br />Orange County has engaged Tego Data Systems LLC with a place of business at 1801 Glenwood Ave <br />#3, Raleigh NC 27608 (“Tego”) to perform consulting services (“Services”) as described below. <br />Customer and Tego may be referred to as the “Party” or collectively as the “Par ties”. <br />2.SERVICES <br />Tego, through its employees, shall provide to Customer the services described as follows. <br />HIPAA was enacted to ensure that patient medical data is safe and secure. Healthcare organizations <br />(CEs) and their vendors/business associates (BAs) that handle sensitive patient data/ electronic <br />Protected Health Information (ePHI) have stringent rules and regulations they must follow to be HIPAA <br />compliant. Today, a HIPAA audit is the best way to ensure compliance with the law and for <br />organizations to achieve peace of mind knowing their patients and customers are protected to the <br />highest degree possible. <br />North Carolina Health Departments maintain electronic Protected Health Information (ePHI) in multiple <br />locations within their environment as a Covered Entity. This proposal includes the discovery and <br />scoping of ePHI in the environment, assessment of administrative, physical and technical safeguards, <br />technical vulnerability and compliance scans of the Health Department devices, identification and <br />prioritization of HIPAA Security control gaps, compliance consulting to address the gaps and reporting. <br />Reports include a Compliance Report and a risk-prioritized Management Plan. All work is completed by <br />ISACA Certified Information Systems Auditors. <br />Statement of Work <br />Phase Activities <br />Discovery <br />●Create Assessment Plan <br />●Coordinate Engagement CISA <br />●Schedule Kick-Off Call (Remote) <br />Implementation <br />Audit Activities <br />●Identify Security Officer/establish network access <br />●Interviews of Health and IT Department staff to obtain <br />understanding of processes/procedures relating to HIPAA Privacy <br />and Security (user onboarding/offboarding, system backups, <br />incident management, etc.) <br />●Installation Scanning Appliance and Asset <br />○Working with IT staff to set up and configure scanning tool <br />Orange County - Tego SOW 4587 4 <br />DocuSign Envelope ID: BCF251C3-8462-4FD0-A8E0-6346EEFF29DA
The URL can be used to link to this page
Your browser does not support the video tag.