HIPAA/HITRUST Requirements Readiness Assessment

Are You Sure You’re Following HIPAA/HITRUST Requirements?

The Health Insurance Portability and Accountability Act (HIPAA) is complex but important legislation. It mandates that patient data be stored securely, that access to the data be controlled and monitored, and that healthcare organizations have the policies, procedures and systems needed to ensure compliance.

The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management.

Contact Us

TBG Security compliance readiness assessment

To ensure you are ready to pass a HIPAA audit, or if you want to become HITRUST certified, we perform a TBG Security compliance readiness assessment, also known as a pre-audit, to uncover and remediate any security issues flagged as problematic.

TBG Security’s HIPAA Readiness Assessment provides you with an accurate appraisal of your organization’s security posture as it applies to the HIPAA requirements.

PHASE 1: Infrastructure Assessment

A successful HIPAA or HITRUST compliance plan first requires an in-depth review of your existing infrastructure, applications and policies.

Services include:

  • Target Scanning – identifying targets of interest
  • Exhaustive Port Scanning – identify services on each target
  • Version Scanning – fingerprint the services and OS to identify
  • Vulnerability Scanning – vulnerability scanning of targeted hosts
  • Application Scanning – vulnerability scanning at the application level
  • Penetration Testing – automated and manual penetration tests
  • Policy Review – review existing policies and procedures

TBG Security’s PCI Site Assessment may be executed partially via phone interviews for policy reviews, and partially onsite for physical inspections and verification of data collected during off-site reviews.

PHASE 2: Gap Analysis

Working with our customer, we prioritize the findings reported in the Assessment phase, formulating the most efficient and effective remediation strategy required to pass the HIPAA Audit or HITRUST certification process.

Services include:

  • Creating a readiness report documenting the Assessment findings
  • Conducting a Gap Analysis
  • Developing a comprehensive list of all remediation projects
  • Creating a detailed project plan including milestones and deliverables for the remediation phase of the project

Ongoing Compliance Monitoring

Many compliance regulations require an annual audit of your security systems and procedures in order to retain your standard validation. In most cases, the assessment may be conducted by internal staff (often requiring sign-off from a C-level officer) or by a third-party expert consultant. TBG Security is prepared to help you maintain compliance.

Services include:

  • Annual on-site audit of your organization’s security systems and procedures
  • Periodic review of networks for security posture, as needed
  • Quarterly vulnerability scans
  • Regular monitoring/analysis of network devices for security events and breaches
  • On-demand assessment of specific network components for security posture
  • Periodic review of access, management, and data encryption
  • Log monitoring and forensics to investigate specific incidents

Have a question about your HIPAA/HITRUST requirements? We’re here to help.
