ACR 2 Solutions (ACR2) is a leading developer and innovator of information security and regulatory compliance solutions. They specialize in software solutions that meet the needs of companies trying to keep up with rapidly expanding information security and compliance laws. Their products focus on automated risk assessment and risk management for regulatory compliance with federal mandates including GLBA, HIPAA, HITECH, FISMA and the PCI DSS.

The HIPAA Security Rule Compliance Reporter (HSCR) deploys state-of-the-art enterprise risk management technology to allow you to meet the HIPAA Security Rule requirements for hospitals and their business associates. The software supports SCAP vulnerability scan data uploads and direct input or uploads of syslog data from perimeter security devices. Policy inputs include HIPAA-specific questions and enhanced reporting. The HSCR console enables monitoring of the HIPAA Security Rule compliance status of each business associate.

The console gives hospitals access to a real-time display of the HIPAA Security Rule compliance status of all active business associates, as described in NIST 800-66.

How it works - the technology

The overall ACR2 automated risk management process is shown in Figure 2. IPS and Anti-Virus data, network scan data, and policy data are input into the Risk Calculation Engine. This creates the Results Documentation Report and the Control Recommendations Report. The changes in controls are implemented and the changes are added to the risk engine, along with updated Scan and IPS/AV data. This cycle can be repeated as often as daily, with reports on demand, on schedule or on alarm.

Enterprise Compliance Console for HIPAA

The enterprise management compliance package includes a console that allows hospitals or distributed health care enterprises to access and view the HIPAA Security Rule compliance status of all of their business associates. This uses an implementation of technology developed under the sponsorship of the US Department of Homeland Security. The console allows the hospital to review and display the HIPAA Security Rule compliance status of each or all active business associates that have been configured and authorized for access.

Glossary of Abbreviations
AV - Anti-Virus
IPS - Intrusion Prevention System
NIST - National Institute of Standards and Technology
SCAP - Security Content Automation Protocol
Syslog - System Log output from security devices
UTM - Unified Threat Management System