KeySys Health and GRC Workflow SaaS

KeySys

Who We Are

KEYSYS Health, LLC was founded in 2008 by former healthcare executives who experienced firsthand how little healthcare practices understood about the relationship between HIPAA controls and generally understood ‘best business practices’ (which the practice might already have implemented!). For that reason, compliance with HIPAA seemed overwhelming to many. Healthcare practices, especially resource-constrained small and mid-sized practices, needed to grasp the meaning of ‘controls’, but lacked a cost-effective solution to build their knowledge and address their compliance requirements.


Our Journey

From the early days of spreadsheets and paper manuals, it was clear there had to be a more effective process to put in the hands of management. KeySys began the journey of using online software to manage risk management program development work. Out of our experience, a second-generation application called GRC Workflow was born. The SaaS application provides healthcare practices and their business associates a practical solution, using an intuitive workflow, built-in guidance, draft templates, and online document management, to overcome the HIPAA compliance challenge with confidence.

Mission

Provide a requirements-focused platform that is intuitive for any healthcare entity obligated to comply with HIPAA and the HITECH Act.

Vision

Enable small to medium-sized healthcare clients to develop an ongoing HIPAA Risk Management Program that truly reflects their operations and capacity.

Helpful Nudge

We have seen how confusing HIPAA compliance can be for our clients.

We understand the desire for it to be simple. That’s why GRC Workflow was designed to be intuitive for a user.  For those constrained by time and knowledge, we offer our consulting services as a helpful nudge, guiding your hand to simplify the Risk Management Program development effort, all the while transferring our knowledge to your team.  

GRC Workflow

GRC stands for Governance, Risk Management, and Compliance.

Software as a Service Application focused on Governance, Risk Management, and Compliance

Governance

Keeping the Program on Track
Once developed, a Risk Management Program must demonstrate that routine maintenance is occurring. A Risk Management Program is not a "one and done". Changes to the organization and new or revised state and federal regulations demand vigilance to keep your Program viable.

Risk Management

Identify vulnerabilities, adopt mitigating procedures, train & implement
Risk identification, and assessment of potential impacts to the organization, should drive the ongoing Risk Management Program. Developing and documenting policies and procedures that assure the privacy and security of patient-protected health information is job one. But it is equally imperative to train staff on expectations and to document evidence of ‘implementation’ of defined policies and procedures.

Compliance

Documented, replicable, verifiable processes
You have a HIPAA-compliant ongoing Risk Management Program if it is audit-ready, i.e., all required standards and controls are documented, implemented, and monitored. Indeed, everyone in the organization who is responsible for the controls needs to understand them and execute them routinely. The goal is to achieve a "culture of security".

System Design

The GRC Workflow™ platform has a simple 3-level architecture:

The workflow is highly customizable.  Each client controls the projects and tasks (add, delete or change) that are relevant for their organization, allowing for a highly customized ongoing Risk Management Program that reflects the complexity of the client organization.   

The Simplified Tool Bar

Tasks

Individual tasks with descriptions and templates to jump-start development

Calendar

Task due dates, reminder dates, and other events by month – email notices go to task assignee for each date set

Document Library

All the artifacts are in one place for easy access to program documentation

Team

These are the folks that have access to your system: your employees or trusted 3rd parties

Member Level & Features

The GRC Workflow Administrator will establish the client account and add the primary client manager as the first member of the Team.  Adding additional team members is addressed below.  All members added to the Team receive an email invitation to log into GRC Workflow and establish their unique password.
 
There are 2 access roles in GRC Workflow: Managers and Users. Each has varying levels of accessibility within the platform as noted below.

Role Permissions

Managers

The Manager level is the mid-level for permissions within GRC Workflow. Manager permissions include:


Users

The User level is the entry-level for permissions within GRC Workflow. User permissions include:

For those constrained by time and knowledge, we offer our consulting services to define and clarify terms and requirements and provide a helpful nudge to keep your program on track.