The CHSA is the perfect product for organizations that have already established a HIPAA Baseline and are ready to take their security readiness posture to the next level, or for organizations that have immediate security concerns and also need to know where they stand from a compliance perspective, measured against the HIPAA Security Rule. The CHSA is also the perfect choice for organizations that have been performing regular HIPAA Risk Assessments and Penetration Tests but would like a fresh set of eyes to evaluate where they stand.
The CHSA is focused on the security countermeasures or controls deployed in the environment; more specifically, on the effectiveness of those controls and countermeasures at protecting the Confidentiality, Integrity, and Availability of Personal Healthcare Information (PHI). Our expert team performs a targeted penetration test looking to identify cracks or gaps in the security controls deployed to protect PHI. A single compromised system could easily map back to the failure of numerous security controls or countermeasures, from a failure in the patch management system to weak password policies or outdated AV/malware protection. An assessment is made to determine whether a failure or breach was logged, whether an alert was sent, and whether personnel were trained on the policies and procedures. Did the personnel receiving the warning respond well enough to isolate the affected system, log the event, determine the severity, and alert management in accordance with established timelines and thresholds? Are unsuccessful access attempts being logged and reported?
The CHSA assesses policies and procedures to determine whether they meet the minimum HIPAA requirements, as well as whether they are complete, comprehensive, current, and being followed. Your organization’s operational and administrative controls will go under a microscope. Our certified security professionals will look at everything from your Business Continuity and Disaster Recovery planning to your Business Associate Agreements to your initial and ongoing HIPAA/Security training program.
All information gathered in the CHSA process is measured against the HIPAA Security Rule and Security Best Practices. Your organization will be graded as Compliant, Partially Compliant, or Not Compliant in reference to the HIPAA Security Rule. You will receive a recommendation that, if implemented, will make your organization compliant with the HIPAA Security Rule and Security Best Practices, as well as with the current threat landscape.
Protect What Matters
No "Checkbox" Audits
We always include technical security testing and control auditing as a standard part of our Comprehensive HIPAA Security Assessment.