Healthcare organizations are increasingly subject to regulatory compliance. Sword & Shield helps customers understand the business risks associated with HIPAA and how your staff, policies, procedures, and technology compare with the requirements of the HIPAA Security Rule.
HIPAA Gap Analysis
A Sword & Shield HIPAA specialist will perform the following tasks to evaluate your HIPAA compliance and work toward remediation of any deficiencies:
- Provide a baseline of your organization’s people, processes, and technology with respect to securing patient data.
- Produce a gap analysis between the baseline and the HIPAA requirements.
- Create a remediation plan, prioritized by risk score, which provides the roadmap to close the gaps identified and move your organization into compliance with HIPAA.
- Create a central repository of information relevant to achieving compliance, which also supports continuous monitoring of the controls required to remain compliant.
- In consultation with your project manager, build a work management plan that assigns and tracks the action items that must be completed to implement the controls HIPAA requires.
- Provide a separate proposal at the conclusion of the gap analysis for any remediation projects assigned to Sword & Shield.
- Update the repository as action items are completed, so that it provides evidence of compliance during subsequent HIPAA assessments.
Meaningful Use Risk Assessment
A Sword & Shield Healthcare Compliance and Security Specialist will perform a risk assessment focusing on your technology, people, environment, and processes across seven security domains: Management and Policy, Access Control, Authentication, Awareness, Content Security, Threat Management, and Encryption. The assessment uses forty-three (43) threat agents. The agents represent internal or external events that may disrupt the organization's processes and activities. The threat list is inclusive: threats may have human, technical, or environmental origins.
The Risk Assessment includes a deeper analysis of the key technical assets, including the EMR system, routers, switches, workstations, servers, laptops, and firewalls. By employing a sampling approach, the cost of the assessment can be kept manageable while conclusions about the entire organization can still be drawn.
A risk index rating is calculated across the seven security domains, each of which consists of the specific controls called for in the HIPAA Privacy and Security Rules and the HITECH breach notification requirements needed to ensure the confidentiality, integrity, and availability of an organization's information assets.
Currently, healthcare providers are given financial incentives to either upgrade their existing Electronic Health Records (EHR) systems or purchase a new EHR system that will deliver a secure set of electronic services as part of the HITECH Act, a provision of the American Recovery and Reinvestment Act of 2009 (ARRA). The program started in 2011 and will end in 2015.
OUR MEANINGFUL USE RISK ANALYSIS SERVICES
- Physician Practice Meaningful Use Risk Analysis – Meets the requirements of MU Core Measure 15 and provides a Corrective Action Plan to reduce risks.
- Hospital Meaningful Use Risk Analysis – Provides a means to communicate your risk profile to the Covered Entities you are serving.
- Business Associate Security Risk Assessment – Meets MU Core Measure 15 and creates a roadmap to achieve compliance with the HIPAA Privacy and Security Rules, the Red Flags identity theft prevention rule, and HITECH breach notification requirements, including applicable state laws.
Meet Michelle Caswell
Michelle Caswell comes to the company after spending three years as a Health Insurance Portability and Accountability Act (HIPAA) privacy investigator for the U.S. Office for Civil Rights (OCR). While there she ensured covered entities were in compliance, conducted complaint investigations, and educated covered entities on how to comply with the HIPAA Privacy Rule and new electronic health record (EHR) requirements.
Prior to her experience with the OCR, Caswell, a member of the Georgia State Bar, worked as a law clerk for the Health Law Partnership. There she managed a large caseload under a supervising attorney and worked on cases involving health care law, education law, grandparent visitation, applications for government benefits and programs, and housing and consumer law.
At Sword & Shield, Caswell conducts procedural and operational assessments of information security processes and system controls, with a focus on HIPAA compliance. She also leverages security and compliance knowledge to review organizations’ current security policies, processes, and controls to provide in-depth gap analyses and guidance on best practices in Governance, Risk, and Compliance (GRC) as it relates to HIPAA security and privacy standards.
Remediation Services
Sword & Shield offers a variety of testing and remediation services to address problems uncovered in a security audit or HIPAA Gap Analysis.

| Service | Description |
| --- | --- |
| Policy Development & Review | Sword & Shield will review and assist in developing security policies that meet compliance requirements as well as security best practices. |
| Security Testing | Penetration testing and vulnerability testing of networks, desktops, firewalls, wireless routers, and other critical systems. Reduces the risk that someone with the intent to do harm could bypass security controls and gain access to sensitive information. |
| | Provides assurance that your Web applications, whether developed in house or by a service provider, are not easily breached by those with the intent to do harm. |
| Mobile Application Assessment | Verifies encryption of data stored on mobile devices. |
| Configuration & Hardening Review | Review of the OS, external connections, and application-level security. We report our findings with actionable recommendations to improve the policies, procedures, and security controls of your systems. |
| Virtual Infrastructure Assessment | Audit of your virtual infrastructure, including access control, the application of least privilege, data protection, secure network configuration, disaster recovery planning and testing, and threat analysis specific to virtualized environments. |
| PCI Compliance | Streamlines achievement of PCI compliance for all of your billing and POS locations regardless of merchant level. |
| Encryption | Encrypting PHI in line with HHS guidance provides a safe harbor from breach notification, provided the encryption keys are not also compromised. PHI should be encrypted at rest on servers, desktops, and laptops, and in transit inside or outside the covered entity, whether sent by email or downloaded to remote devices. |
| Incident Response | Prepare an incident response plan for use in the event of a data breach. Provides rapid response when you suspect someone has compromised private information for which you are responsible. |
| | Bridges the knowledge gap between IT and corporate counsel when producing electronic evidence in litigation. Reduces the cost of electronic discovery by having an eDiscovery readiness plan in place. |
| Forensic Investigations | Reduces the workload on the IT department from time-consuming electronic investigation and ensures that evidence is preserved and admissible in a court of law. |
| | To respond to the growing threat of data breaches, Sword & Shield will proactively identify the types of cyber attacks and their origin, and will determine whether there is evidence of an existing threat in the form of malware or viruses. |
PCI Compliance Services
Most healthcare organizations accept credit cards and may therefore be subject to PCI DSS requirements. We are a PCI Qualified Security Assessor, and PCI assessment is our most popular service. See our PCI Compliance page to learn more about our offerings.
Affiliations and Memberships
As part of Sword & Shield's commitment to providing the services our customers need most, we belong to a variety of organizations that survey their members on the services most important to them. Sword & Shield is a proud member of the Healthcare Information and Management Systems Society (HIMSS) and the Medical Group Management Association (MGMA).
Real Success Story
A Sword & Shield healthcare client had been exercising due diligence by testing the security controls of its external and internal networks with Sword & Shield analysts, but had difficulty securing sufficient budget to address some of the security concerns found. Sword & Shield provided a risk assessment and gap analysis against the HIPAA security requirements and uncovered serious matters that needed to be addressed: defining roles and responsibilities, writing policies, and carrying out the technical remediation required to meet HIPAA compliance. The risk-based approach got the attention of executive management, and the project was funded.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885