Rsam provides an effective and highly efficient best-of-breed solution for enabling healthcare organizations to comply with HIPAA Security Risk Assessment requirements. Every element within Rsam's HIPAA Security template is mapped directly to the HIPAA Security Rule. These elements are then cross-referenced to the related elements within NIST that provide the foundation for HIPAA Security. Rsam's customizable questionnaires come pre-mapped to their appropriate assessment areas such as applications, departments, business associates, infrastructure elements, and more.

Data Sheet
Key Features
Whitepapers

Key Considerations for HIPAA Security Compliance
Risk Assessments are the foundation and cornerstone of HIPAA Security compliance
Checklists are not enough - The execution of a 'gap assessment' checklist, or generically interpreted version of the 'matrix' within HIPAA Security does NOT go far enough to meet the stated security requirements for HIPAA Risk Assessment and may expose the organization to prosecution and penalties.
HIPAA Security requires that organizations implement a recurring assessment cycle. Organizations that build their assessment practice around a scalable and effective solution will quickly realize a substantial savings of time and money.
The scope of the HIPAA Risk Assessment should include every element where PHI exists, be it stored, processed or transmitted.

HITRUST Common Security Framework (CSF), a certifiable framework that provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry. Rsam has partnered with HITRUST to license their CSF content so that customers can leverage the Rsam GRC platform to automate CSF-based assessments within their organizations.

Whether healthcare organizations have already adopted the CSF or are just starting to work with the framework, Rsam enables them to automate the core processes of data collection and remediation tracking, perform advanced risk analysis and easily create dashboards and reports using a simple drag-and-drop interface. Over time, customers can also add solutions such as Threat and Vulnerability Management, Incident Tracking and others, to their existing GRC program using the Rsam Platform as a central repository to manage risks from a holistic perspective.
The Rsam solution implements quickly to create an effective and affordable platform for HIPAA Security Risk Assessment - even in the largest and most complex organizations. Rsam is an intuitive, multi-user, web-enabled, and highly customizable risk assessment application that allows organizations to meet their HIPAA Security needs quickly and effectively for both Risk Assessment & Risk Management requirements. Rsam empowers organizations to:
Perform a faster, more thorough, and cost-effective Information Security Risk Assessment across dozens - even hundreds of sites
Deploy a road-tested HIPAA Security template cross-referenced with NIST guidelines
Create a platform that allows the enterprise to perform assessments internally - with or without any consultant interaction
Make timely and accurate updates with an online solution that allows multi-user, real-time access
Perform ongoing HIPAA security risk assessments that will allow you to (i) reduce your overall risk assessment costs and (ii) maintain an up-to-date, well documented risk management strategy that will guide the implementation of your security measures
Rsam Eliminates Excessive Complexity, while Maintaining Accurate & Useful Results:
Overly complex solutions and tools can cripple an assessment process. RelSec's Patent-Pending methodology, combined with Rsam's intuitive distributed GUI allows healthcare organizations to get up and running quickly without excessive complexity. Assessment templates come predefined with an abundance of controls based on HIPAA best practices, allowing you to simply select those you wish to include in your assessment. When required, adding and modifying additional controls within Rsam is a practical and intuitive process void of unnecessary complexity. Unlike other products, Rsam is designed to be useable by all, not just the security experts.
Rsam Enables Self Assessment or Joint Assessment:
Many organizations do not have the internal expertise or resources to perform risk assessments year after year, but are similarly burdened by the ongoing costs of utilizing consulting organizations to perform these tasks. One of our main goals at Relational Security Corporation has been to enable clients to become as self sufficient as possible. Our technology includes features such as web-enabled multi-user data entry, customizable audit cycles, & workflow that allow clients to perform ongoing self-assessments with great ease and accuracy. This permits organizations to perform their own self-assessments, or to use consulting organizations at any or all stages of the process. Customers that purchase Rsam for use by external consultants can simply maintain the resulting data for their year-to-year assessment responsibilities once the consultants are done.
Rsam Factors in ePHI's Relational Nature:
When dealing with the protection of ePHI, it is vital for organizations to view security in terms of "relationships." For example, relationships must be drawn from the ePHI residing on a single object and relate it to the many other associated objects within the organization. To achieve the highest accuracy and impact, Rsam's Relationship-Driven technology helps identify and address these relationships. For example, the ePHI findings on one server may effect the control requirements of the room it resides in. The moment ePHI findings for this server is entered and the relationships are identified, Rsam adjusts the appropriate criticality levels, control requirements, and compliance evaluation automatically.
Rsam Promotes Executive Level Commitment & Involvement:
The Rsam reporting engine quickly processes details about criticality, controls, and relationships within the organization and presents them at the technical, managerial, and executive level. The same details used to help technicians deal with tactical issues are mined and manipulated to create highly informative and useful executive reports. This allows the executive staff to play an active and informed role in the organization's HIPAA Security compliance efforts and to measure and track compliance across the organization.
Rsam Accommodates Future Changes in HIPAA:
It can be reasonably assumed that over the course of time the HIPAA Security requirements will be augmented or modified to meet changing security concerns in the industry. Rsam's technology and methodology have been designed from the ground up to provide the absolute highest degree of flexibility possible. Everything from control requirement policies, criticality and PHI definitions, to the specific technology and controls being audited can be changed at the click of a button. And as an Rsam customer, you will receive automatic updates to all standards and regulatory control templates purchased from Relational Security Corporation.
Rsam Includes Physical, Technical, and Administrative Elements:
While many security assessment software solutions are focused simply on the technical aspects of security, Relational Security's expanded focus can be used to integrate other vital components such as physical and administrative requirements. Through Rsam's highly flexible technology, criticality and control relationships extend to business associates, personnel, and more, all within the same analysis and reporting system.
Rsam Keeps your Risk Assessment Current:
Rsam's technology is designed specifically to keep the client's assessment data up to date over the course of time. Where traditional assessment processes forced organizations to throw away stacks of outdated audit reports and start every new assessment from scratch, Rsam enables the reuse of and to build upon previously collected data elements. This enables clients to eliminate redundant data collection efforts, make additions, deletions, and modifications on the fly, and even dynamically adjust policies, controls, and risk elements. Rsam's highly intuitive framework enables organizations to perform assessments and verifications year after year at substantial cost savings over traditional assessment practices.