Browse
Search
2025-657-E-Health Dept-Tego Data Security-Conduct HIPAA security risk analysis
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2020's
>
2025
>
2025-657-E-Health Dept-Tego Data Security-Conduct HIPAA security risk analysis
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
10/30/2025 2:52:40 PM
Creation date
10/30/2025 2:52:28 PM
Metadata
Fields
Template:
Contract
Date
10/17/2025
Contract Starting Date
10/17/2025
Contract Ending Date
10/28/2025
Contract Document Type
Contract
Amount
$11,500.00
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
29
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
<br />Tego Statement of Work <br /> <br /> <br /> <br />1. GOALS AND OBJECTIVES <br />Orange County Government (“Customer”) has engaged Tego Data Systems LLC with a place of <br />business at 1801 Glenwood Ave #3, Raleigh NC 27608 (“Tego”) to perform consulting services <br />(“Services”) as described below. Customer and Tego may be referred to as the “Party” or collectively as <br />the “Parties”. <br />2. SERVICES <br />Tego, through its employees, shall provide to Orange County Government the services described as <br />follows. <br />HIPAA was enacted to ensure that patient medical data is safe and secure. Healthcare organizations <br />(CEs) and their vendors/business associates (BAs) that handle sensitive patient data/ electronic <br />Protected Health Information (ePHI) have stringent rules and regulations they must follow to be HIPAA <br />compliant. Today, a HIPAA audit is the best way to ensure compliance with the law and for <br />organizations to achieve peace of mind knowing their patients and customers are protected to the <br />highest degree possible. <br />North Carolina Health Departments maintain electronic Protected Health Information (ePHI) in multiple <br />locations within their environment as a Covered Entity. This proposal includes the discovery and <br />scoping of ePHI in the environment, assessment of administrative, physical and technical safeguards, <br />technical vulnerability and compliance scans of the Health Department devices, identification and <br />prioritization of HIPAA Security control gaps, compliance consulting to address the gaps and reporting. <br />Reports include a Compliance Report and a risk-prioritized Management Plan. All work is completed by <br />ISACA Cer tified Information Systems Auditors. <br />Statement of Work <br />Phase Activities <br />Discovery <br />● Create Assessment Plan <br />● Coordinate Engagement CISA <br />● Schedule Kick-Off Call (Remote) <br />Implementation <br />Audit Activities <br />● Identify Security Officer/establish network access <br />● Interviews of Health Department and IT Department staff to obtain <br />understanding of processes/procedures relating to HIPAA Privacy and Security <br />(user onboarding/offboarding, system backups, incident management, etc.) <br />● Installation Scanning Appliance and Asset <br />○ Working with IT staff to set up and configure scanning tool <br />● Internal/External Vulnerability Scan <br />○ Performing HIPAA compliance mandate scans for system benchmarking <br />● Evidence Collection and review to determine status of HIPAA Privacy and <br /> <br /> Orange County Government - Tego SOW 5005 4 <br />Docusign Envelope ID: 7A20BED7-118E-4E3E-832D-514C97AB6A49
The URL can be used to link to this page
Your browser does not support the video tag.