The Comprehensive Security Risk Assessment or CHSA
The CHSA is the perfect product for those that have already established a HIPAA Security/Privacy Compliance Baseline and are ready to take their security readiness posture to the next level. The Comprehensive HIPAA Security Assessment is great for organizations that have immediate security concerns. The CHSA also lets these organizations know where they stand from a compliance perspective, measured against the HIPAA Security Rule. The CHSA is the perfect choice for organizations that have been performing regular HIPAA Risk Assessments and Penetration Tests but would like a fresh set of eyes to evaluate where they stand.
The CHSA is focused on the security countermeasures or controls deployed in the environment. More specifically, it focuses on the effectiveness of those controls and countermeasures at protecting the Confidentiality, Integrity, and Availability of Personal Healthcare Information (PHI).
HIPAA Compliance Experts
Our expert team performs a targeted penetration test looking to identify cracks or gaps in the security controls deployed to protect PHI. A single compromised system could easily map back to the failure of numerous security controls or countermeasures, from a failure in the patch management system to weak password policies or outdated AV/malware protection. An assessment is made to determine whether a failure/breach was logged, whether an alert was sent, and whether personnel were trained on the policies and procedures. Did the personnel receiving the warning respond well enough to isolate and log the event, determine the severity, and alert management in accordance with established timelines and thresholds? Are unsuccessful access attempts being logged and reported?
HIPAA Policy Review
The CHSA assesses policies and procedures to determine if they meet the minimum HIPAA requirements, as well as if they are complete, comprehensive, current and being followed. Your organization’s operational and administrative controls will go under a microscope. Our certified security professionals will look at everything from your Business Continuity and Disaster Recovery planning to your Business Associate Agreements to your initial and ongoing HIPAA/Security training program.
All information gathered in the CHSA process is measured against the HIPAA Security Rule and Security Best Practices. Your organization will be graded as Compliant, Partially Compliant or Not Compliant in reference to the HIPAA Security Rule. You will receive a recommendation that, if implemented, will make your organization compliant with the HIPAA Security Rule and aligned with Security Best Practices and the current threat landscape.
Achieve HIPAA Compliance
Our HIPAA Security Risk Assessment and HIPAA GAP Analysis Audit services are designed to help you achieve regulatory compliance while providing a holistic review of your IT security posture.
Protect What Matters - ePHI/PHI
Our goal is that our detailed, third-party HIPAA risk analysis will allow your team to enhance and/or develop effective safeguards for protecting PHI and ePHI entrusted to your care.
No "Checkbox" HIPAA Audits
Not all HIPAA consulting firms are created equal. Many leave out the deep technical testing, which solves the immediate regulatory requirement but leaves the organization vulnerable to technical exploits and puts PHI at risk. At our core, we are a cybersecurity consulting agency with a firm belief that any assessment meant to satisfy HIPAA or HITECH cannot simply be a "checkbox" audit. We include the deep technical security testing so you can truly know the effectiveness of your controls.
We always include technical security testing and control auditing as a standard part of our Comprehensive HIPAA Security Assessment.
Included Services
Holistic Assessment
We thoroughly inspect the state of your administrative, physical, and technical security policies, plans, procedures, systems, and networks against best practices and the HIPAA compliance standards.
Risk Analysis
A HIPAA risk assessment consultant maps out in detail your assets, potential threats, and operational risks.
Internal & External Vulnerability Assessment
We perform a technical IT/cyber security assessment including penetration testing from an outside and inside perspective to identify weaknesses and vulnerabilities.
Gap Analysis
Our expert HIPAA/HITECH consultants identify areas that need improvement in order to conform to the Security Rule provisions. This information is used for planning any remediation efforts and as proof of due diligence.
Remediation Recommendations
At this final stage, we document reasonable and appropriate recommendations to support your rationale in designing and implementing any Required and Addressable safeguards in accordance with best practices and HIPAA/HITECH regulatory standards.
Full Database and Logs
We include all of the raw data from our IT security scans so that your team can perform their own deep analysis.