The landscape of information security in healthcare can be very confusing. For instance, there are federal
laws such as HIPAA and HITECH, the latter of which is part of the American Recovery and Reinvestment Act (ARRA) passed in 2009.
HITECH regulations expand the kinds of entities governed by regulations on the safeguarding of Personal Health
Records (PHR) and what must happen in the event of a breach.
Then there is the PCI standard imposed by financial institutions on any organization that takes credit or debit
cards as payment. Some of these standards are more general, while others are quite prescriptive. Some have the power
of law, while others are private initiatives that are gaining governmental blessing.
To make matters more confusing, laws and interpretations of the laws change frequently and at times without advance
notice. In all its audit services, NetSPI offers detailed program guides, which walk a client through the audit process
and spell out what is required at each step.
HITRUST CSF
The HITRUST Alliance, a consortium of healthcare, business, technology, and information security leaders,
has established the Common Security Framework (CSF),
a certifiable framework that can be used by organizations that create, access, store, or exchange Protected Health
Information (PHI). NetSPI can help organizations comply with HIPAA and HITECH regulations, and help them use the CSF.
As a leader in healthcare security and compliance, NetSPI has formed a local Special Interest Group (SIG) for
information security professionals in healthcare who are interested in evaluating the value of the CSF to their
organizations.
HIPAA and HITECH Assessment
A gap analysis compares current practices and methodologies against HIPAA/HITECH security requirements in four areas:
Administrative, Technical, Physical, and Documentation. The gap analysis establishes the benchmark for the subsequent
mandated risk analysis.
HITRUST Readiness Assessment
NetSPI will help clarify the scope of certification and identify the degree of an organization's readiness
to proceed with the CSF certification process.
HITRUST Certification/Validation
NetSPI can help organizations achieve HITRUST certification with guidance from our specialists in information
security for healthcare and our custom-developed tools.