Healthcare

Healthcare organizations are increasingly subject to regulatory compliance requirements. Sword & Shield helps customers understand the business risks associated with HIPAA and how their staff, policies, procedures, and technology compare with the HIPAA Security Rule requirements.

HIPAA Gap Analysis

A Sword & Shield HIPAA specialist will perform the following tasks to evaluate your HIPAA compliance and work toward remediation of any deficiencies:

  • Establish a baseline of your organization’s people, processes, and technology with respect to securing patient data.
  • Produce a gap analysis between that baseline and the HIPAA Security Rule requirements.
  • Create a remediation plan, prioritized by risk score, that provides the roadmap to close the identified gaps and bring your organization into compliance with HIPAA.
  • Create a central repository of compliance information that also supports continuous monitoring of the controls required to remain compliant.
  • In consultation with your project manager, build a work management plan that assigns and tracks the action items needed to implement the controls HIPAA requires.
  • Provide a separate proposal at the conclusion of the gap analysis for any remediation projects assigned to Sword & Shield.
  • Update the repository as action items are completed, so that evidence of compliance is on hand for subsequent HIPAA assessments.


Meaningful Use Risk Assessment

A Sword & Shield Healthcare Compliance and Security Specialist will perform a risk assessment of your technology, people, environment, and processes across seven security domains: Management and Policy, Access Control, Authentication, Awareness, Content Security, Threat Management, and Encryption. The assessment evaluates forty-three (43) threat agents, each representing an internal or external event that could disrupt the organization’s processes and activities. The threat list is inclusive and covers threats of human, technical, or environmental origin.

The Risk Assessment includes a deeper analysis of key technical assets, including the EMR system, routers, switches, workstations, servers, laptops, and firewalls. A sampling approach keeps the cost of the assessment manageable while still supporting conclusions about the organization as a whole, provided the sample is representative of the environment.

A risk index rating is calculated across the seven security domains. Each domain consists of the specific controls called for in the HIPAA Privacy and Security Rules and the HITECH Breach Notification Rule that are needed to ensure the confidentiality, integrity, and availability of an organization’s information assets.

Meaningful Use Reimbursements

Under the HITECH Act, a provision of the American Recovery and Reinvestment Act of 2009 (ARRA), healthcare providers are currently offered financial incentives to upgrade their existing Electronic Health Records (EHR) systems or purchase a new EHR system that delivers a secure set of electronic services. The program started in 2011 and will end in 2015. Attesting to Meaningful Use requires, among other objectives, that the provider conduct or review a security risk analysis of its certified EHR technology in accordance with the HIPAA Security Rule (45 CFR 164.308(a)(1)); the risk assessment described above is designed to satisfy that objective.

Our Meaningful Use Risk Analysis Services

See our brochure for more information.


Meet Michelle Caswell

Michelle Caswell comes to the company after spending three years as a Health Insurance Portability and Accountability Act (HIPAA) privacy investigator for the U.S. Department of Health and Human Services Office for Civil Rights (OCR). While there she ensured that covered entities were in compliance, conducted complaint investigations, and educated covered entities on how to comply with the HIPAA Privacy Rule and the new electronic health record (EHR) requirements.

Before joining OCR, Caswell, a member of the State Bar of Georgia, worked as a law clerk for the Health Law Partnership, where she managed a large caseload under a supervising attorney and worked on cases involving health care law, education law, grandparent visitation, applications for government benefits and programs, and housing and consumer law.

At Sword & Shield, Caswell conducts procedural and operational assessments of information security processes and system controls, with a focus on HIPAA compliance. She also reviews organizations’ current security policies, processes, and controls to provide in-depth gap analyses and guidance on best practices in Governance, Risk, and Compliance (GRC) as they relate to the HIPAA security and privacy standards.


Remediation Services

Sword & Shield offers a variety of testing and remediation services to address problems uncovered in a security audit or HIPAA Gap Analysis:

  • Policy Development & Review: Sword & Shield reviews your security policies and assists in developing policies that meet compliance requirements and security best practices.
  • Security Testing: Penetration testing and vulnerability assessment of networks, desktops, firewalls, wireless routers, and other critical systems. Reduces the risk that someone intent on doing harm could bypass security controls and gain access to sensitive information.
  • Web Security Testing: Provides assurance that your Web applications, whether developed in house or by a service provider, are not easily breached by those intent on doing harm.
  • Mobile Application Assessment: Verifies that data stored on mobile devices is encrypted.
  • Configuration & Hardening Review: Reviews operating system, external connection, and application-level security, and reports findings with actionable recommendations to improve the policies, procedures, and security controls of your systems.
  • Virtual Infrastructure Assessment: Audits your virtual infrastructure, including access control, the application of least privilege, data protection, secure network configuration, disaster recovery planning and testing, and threat analysis specific to virtualized environments.
  • PCI Compliance: Streamlines achievement of PCI compliance for all of your billing and POS locations, regardless of merchant level.
  • Encryption: PHI that is encrypted in a manner consistent with HHS guidance under the HITECH Act is not “unsecured PHI,” so its loss or theft does not trigger breach notification, provided the decryption key was not compromised along with the data. PHI should be encrypted at rest on servers, desktops, and laptops, and in transit whether inside or outside the covered entity, including e-mail and downloads to remote devices.
  • Incident Response: Prepares an incident response plan for use in the event of a data breach, and provides rapid response when you suspect that private information for which you are responsible has been compromised.
  • Electronic Discovery: Bridges the knowledge gap between IT and corporate counsel when producing electronic evidence in litigation. An eDiscovery readiness plan reduces the cost of electronic discovery.
  • Forensic Investigations: Relieves the IT department of time-consuming electronic investigations and ensures that evidence is preserved and admissible in a court of law.
  • Data Breach Threat Analysis: To respond to the growing threat of data breaches, Sword & Shield proactively identifies the types of cyber attacks targeting your organization and their origin, and determines whether there is evidence of an existing compromise in the form of malware.


PCI Compliance

Most healthcare organizations accept credit cards and may therefore be subject to the PCI DSS requirements. We are a PCI Qualified Security Assessor (QSA), and PCI assessment is our most popular service. See our PCI Compliance page to learn more about our offerings.


Affiliations and Memberships

As part of Sword & Shield’s commitment to providing the services our customers need most, we belong to organizations that survey their members on the services most important to them. Sword & Shield is a proud member of the Healthcare Information and Management Systems Society (HIMSS) and the Medical Group Management Association (MGMA).


Real Success Story

A Sword & Shield healthcare client had been exercising due diligence by having Sword & Shield analysts test the security controls of its external and internal networks, but had difficulty securing sufficient budget to address some of the resulting security concerns. Sword & Shield provided a risk assessment and gap analysis against the HIPAA Security Rule requirements and uncovered serious deficiencies in the definition of roles and responsibilities, in policies, and in the technical remediation required to meet HIPAA compliance. Presenting these findings as business risk got the attention of executive management, and the project was funded.


Find Out More

Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.

U.S. Toll-free: 800-810-1885

International: 865-244-3500

About Sword & Shield

Protecting critical data since 1997, Sword & Shield Enterprise Security, Inc. is a holistic information security service provider.

With solutions designed to meet the needs of a dynamic security and compliance landscape, we deliver evaluation, remediation, and ongoing monitoring and management to help you maintain the most comprehensive security posture possible.