Are You Sure You’re Following HIPAA/HITRUST Requirements?

The Health Insurance Portability and Accountability Act (HIPAA) is complex but important legislation. It mandates that patient data be stored securely, that access to the data be controlled and monitored, and that healthcare organizations have the policies, procedures and systems needed to ensure compliance.

The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management.

TBG Security compliance readiness assessment

To ensure you are ready to pass a HIPAA audit, or if you want to become HITRUST certified, we perform a TBG Security compliance readiness assessment, also known as a pre-audit, to uncover and remediate any security issues flagged as problematic.

TBG Security’s HIPAA Readiness Assessment provides you with an accurate appraisal of your organization’s security posture as it applies to the HIPAA requirements.

PHASE 1: Infrastructure Assessment

A successful HIPAA or HITRUST compliance plan first requires an in-depth review of your existing infrastructure, applications and policies.

Services include:

  • Target Scanning – identifying targets of interest
  • Exhaustive Port Scanning – identify services on each target
  • Version Scanning – fingerprint the services and OS to identify
  • Vulnerability Scanning – vulnerability scanning of targeted hosts
  • Application Scanning – vulnerability scanning at the application level
  • Penetration Testing – automated and manual penetration tests
  • Policy Review – review existing policies and procedures

TBG Security’s PCI Site Assessment may be executed partially via phone interviews for policy reviews, and partially onsite for physical inspections and verification of data collected during off-site reviews.

PHASE 2: Gap Analysis

Working with our customer, we prioritize the findings reported in the Assessment phase, formulating the most efficient and effective remediation strategy required to pass the HIPAA Audit or HITRUST certification process.

Services include:

  • Creating a readiness report documenting the Assessment findings
  • Conducting a Gap Analysis
  • Developing a comprehensive list of all remediation projects
  • Creating a detailed project plan including milestones and deliverables for the remediation phase of the project

Ongoing Compliance Monitoring

Many compliance regulations require an annual audit of your security systems and procedures in order to retain your standard validation. In most cases, the assessment may be conducted by internal staff (often requiring sign-off from a C-level officer) or by a third-party expert consultant. TBG Security is prepared to help you maintain compliance.

Services include:

  • Annual on-site audit of your organization’s security systems and procedures
  • Periodic review of networks for security posture, as needed
  • Quarterly vulnerability scans
  • Regular monitoring/analysis of network devices for security events and breaches
  • On-demand assessment of specific network components for security posture
  • Periodic review of access, management, and data encryption
  • Log monitoring and forensics to investigate specific incidents

Get In Touch

Have a question about your HIPAA/HITRUST requirements? We’re here to help.