Scio Management Solutions is a Leading Provider of Healthcare Business Process Services to Healthcare Providers

Physical Security

Physical security controls include preventing unauthorized physical access to secure areas. This includes safe locations of data, access to building, 24/7 monitoring, restricting access to authorized personnel only and restricting vendor access.

Network & Information Security

Designed to protect your network and data. Areas to consider as part of your NIS would be access to system, antivirus software, email security, firewalls, mobile device security, data loss prevention, wireless security and web security.

Emergency Response & Disaster recovery

A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such a plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster.

Company-Wide HIPAA Education

HIPAA requires that both covered entities and business associates provide HIPAA training to members of their workforce who handle PHI. This means that even small physician’s offices need to train their personnel on HIPAA.

HITECH Act Compliance

Areas of great importance to medical practices include:
Enhanced HIPAA enforcement – The new HITECH act promises increased focus and enforcement of HIPAA. The legislation includes “willful neglect” penalties up to $250,000.
Breach Notifications – Practices must notify patient of any unsecured breach of personal health information (PHI) occurs. If a breach impacts 500 or more patients then HHS must be notified.
Electronic Health Record access – The act requires patients and designated third parties have electronic access to their PHI. This applies to any provider who is utilizing a EHR.
Business Associates – Under the HITECH Act, business associates are now required to comply with the measures provided for the HIPAA Security Rule.

Stringent Non Disclosure and Confidentiality Agreements

Practices should have all employees sign a non disclosure and confidentially agreement to protect confidential patient information as well as confidential information about the business and financial interests of the practice.

Periodical Auditing

Practices should perform periodic audits for unauthorized access to PHI, system access and physical access.
The HIPAA security rule requires covered entities to conduct four types of audits. Three of them are periodical and one is annual. The periodic audits include an information systems activity review, user login monitoring and audit log review (from systems, databases, etc., for storage, use, and disclosure of PHI). The annual audit is called as an evaluation and is more commonly known as a compliance audit.

SCIO Management Solutions maintains compliance with all HIPAA Standards for Privacy, Electronic Transactions and Security (including the HITECH Act and the Omnibus Rule of 2013). SCIO Management Solutions has implemented policies, processes, procedures and a staff training program designed to ensure compliance with Federal and State information security laws, regulations, and rules, and monitors ongoing compliance efforts and maintains various reporting mechanisms that are required by law. SCIO Management Solutions recognizes that we are a key business partner will continue to provide all services in accordance with the requirements of all state and federal laws and regulations.

Steven Frost, Chief Operations Officer is the HIPAA privacy officer for SCIOMS. Steven may be contacted at 941-312-2829, or by email to and all correspondence maybe mailed to:

SCIO Management Solutions Inc
PO Box 25487
Sarasota, FL 34277

Megh Nathan is the Security Officer for SCIOMS. He may be contacted at 941-306-2273, or by email to