All healthcare organizations need a comprehensive strategy to protect the data needed for business. We can provide risk assessments, control gap assessments and other solutions to ensure your business’s information and data security.
Under the United States Department of Health and Human Services’ HIPAA Security Rule, Covered Entities are required to do periodic Risk Assessments, as stated in 45 C.F.R. § 164.308(a)(1)(ii)(A), quoted here:
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.
We base our methodology on the National Institute of Standards and Technology’s Special Publication 800-30, as it is often used as an industry standard.
Controls Gap Assessment
In preparation for, or in reaction to, a Risk Assessment, we can use industry-standard control sets to determine whether there may be gaps in measures. We consider all aspects regarding ePHI, including Administrative, Physical, Technical, Organization and Policy or Procedure safeguards.
Defined Improvement Plans
Based on the results of a Risk Assessment or Controls Gap Assessment, we can assist management not only in identifying complementary or mitigating controls for a gap but also in establishing a defined improvement plan centered on industry standards and past experiences.