800.903.6264

AUDIT & COMPLIANCE

PA-DSS Assessment RoV/Gap Assessment

NERC CIP Gap Assessment Pre-Audit

Continual Compliance Program

ISO 27001 Gap Assessment & Implementation

Cross Compliance Mapping Assessment

PCI GAP Assessment

SSAE 16 SOC 2 Pre-Audit or CPA Assistance

PCI ASV Scans

TR-39 Gap Analysis and Audit

Application Process Flows

FedRAMP Gap Analysis

External CPA Support = IT & Security Assessment Services

HIPAA Gap Assessment

GLBA Assessment Gap Analysis

Privacy Gap Assessment - Pre Audit

SOX 404(b)

EU Directive Safe Harbor Gap Assessment

HIPAA Gap Assessment – Pre Audit

Essentials

The Health Information Portability and Accountability Act (HIPAA) was enacted in 1996 addressing the security and privacy of health care data. In addition, The Health Information Technology for Economic and Clinical Health Act (HITECH Act) was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA) and signed into law on February 17, 2009. The HITECH Act amended HIPAA with significant changes to data breach notification, enforcement, and penalties.

SecureState’s HIPAA Gap Assessment will review your systems and processes to identify areas of non-compliance.

Benefits

Compliance with the HIPAA/HITECH
Identification of non-compliant areas and understanding of what actions are needed to comply with the HIPAA Security and Privacy Rules
Proper 3rd party objective demonstration of HIPAA/HITECH compliance
Avoidance of damages often totaling millions of dollars that could result from a ePHI/PHI compromise
Reduction of the cost, confusion, and complexity of HIPAA/HITECH compliance

Expertise

SecureState’s Audit & Compliance consultants are experts in understanding both the technical aspects as well as the business aspects of your organization. Our experienced Team Members have worked with many organizations in the commercial, government, and health and human services sectors; including providers and service organizations. As part of these relationships, SecureState has gained extensive knowledge and experience with National Institute of Standards and Technology (NIST) security control frameworks such as NIST SP 800-53 that are commonly used in government agencies and can be adopted by commercial organizations. In addition, SecureState has a number of CIPP professionals as well as a former HIPAA Compliance Officer for a Fortune 500 financial institution on staff to assist with both the Security and Privacy Rules outlined within HIPAA.

Get Scoping Questions Now!

Fill in your details and you can download a FREE questionnaire to ask your vendors.

Your Name

Your Phone

Your Email

Your Company

We will not share or distribute your email to anyone. It will be used solely to contact you about the service you have inquired about.

Did You Know?

Data breaches cost the healthcare industry $6 billion per year
Data breaches cost healthcare organizations an average of $1 million per year
Lack of staff and preparation (policies and processes) are blamed for most data breaches
A HIPAA Gap Assessment should be performed annually

Our Approach and Methodology

SecureState’s approach to a HIPAA Gap Assessment – Pre Audit maps out critical information processes and determines if regulatory controls have an impact on the business. The goals are to:

Evaluate the effectiveness of your HIPAA compliance program
Validate HIPAA controls
Remediation cost-justification
Keep you up-to-date on any new HIPAA requirements, threats, and liabilities

The stages of our HIPAA Gap Assessment, with limited descriptions, are as follows:

Pre-Onsite Visit:

Introduce engagement participants and define roles
Review engagement activities
Review any applicable documentation

Process Mapping:

Document the in-scope HIPAA business process and supporting technologies
Perform data flow analysis and map HIPAA processes to technical infrastructure

Requirements Analysis:

Document the existing controls used to protect ePHI/PHI
Identify gaps against the NIST 80-53 framework for HIPAA Security Rule
Identify gaps against the GAPP framework for HIPAA Privacy Rule

Reporting:

On-site interview and information gathering to assess HIPAA compliance status
Outline strategic recommendations to mitigate identified control gaps
Upload remediation activities to “MyState Portal”

What Makes Us Different

Provides comprehensive on-demand security expertise during the engagement and throughout the year
Support clients’ HIPAA programs with our proprietary “MyState Portal” and a team of qualified HIPAA specialists
Maintains close relationships with our clients because we care about the outcome of the assessment
Has a former HIPAA HIPAA/Chief Privacy Officer for a Fortune 500 company on staff
Recognizes Unified Compliance Framework (UCF) and/or HITRUST Common Security Framework for cross-compliance mapping

Related Services

Downloads

We Can Help You

Generate New Image

Enter the code from above.