The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a broad national standard that places protections around healthcare and health insurance in the United States of America. While the standard touches many different aspects of patient care, it contains specific provisions, or "rules", designed to protect sensitive patient health information from improper use and disclosure. HIPAA required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop these rules. The rules included the HIPAA Privacy Rule and a subset of requirements labeled the HIPAA Security Rule. Failure to adhere to HIPAA requirements can result in civil and even criminal penalties.
The two rules outlined above set the overall requirement for administrative, technical, and physical safeguards as they relate to HIPAA. It is these types of controls that our consultants help organizations to achieve.
Risk Assessment
Risk Management Program Development
Virtual Risk Officer
HIPAA / HITECH Gap Assessments
HIPAA Security Policies
Sanction Policies
Information Security Policy Development
Policy Reviews
Information Systems Assessment and Reviews
Security Awareness Training
Business Continuity Plan Development
Vendor Risk Assessments
Physical Security Assessments
Site Visits
Social Engineering Testing Services
Fraud Assessment Services
Business Continuity and Contingency Planning Services
Building Access Control Planning Services
Data Disposal Plan and Solutions (Electronic, Physical Media)
Data Backup Plan and Solutions
Vulnerability Assessments
Penetration Testing Services
Incident Response Plan
Data Breach and Forensic Investigation Services
Network Access Control (NAC) Services
Dynamic Segmentation Security Programs
Identity and Access Management Solutions
Security Log Monitoring
Endpoint Detection and Response Solutions
Encryption Solutions
Virtual Chief Information Security Officer
Virtual Privacy Officer Services
Medical Device Risk Assessments
Cyber Security Services (CSS) has been helping organizations meet HIPAA compliance requirements since 2013. We work with clients to meet the administrative, technical, and physical safeguards required by HIPAA.
At CSS, we help with your Risk and Compliance programs. We also set up standards that make sense for your industry. If a program already exists, we build on what you are currently doing and make adjustments as needed.
We understand that a vCISO is focused on strategic risk and compliance objectives throughout the year, but some organizations require hands-on cybersecurity expertise. Our team of professionals is ready to jump in where you need us the most. Our experts are assigned based on your specific needs.