Security Services

Our goal is to craft a comprehensive program based on vigilant security controls, organizational resilience, and expert oversight.

Highly rated in KLAS

The Intraprise Health Security Difference

Our security services have been at the vanguard of healthcare information privacy and security since 2009. Completely healthcare focused, we provide advisory services and solutions to meet the information security needs you face now and in the future. 

Contact us for more information about our Security Services

Security Risk Assessment

Our Security Risk Assessment (SRA) offering now combines Intraprise Health’s highly rated security services with the industry’s leading HIPAA SRA software platform, HIPAA One®, to deliver a complete SRA solution for healthcare. With the recent acquisition of HIPAA One, Intraprise Health’s  customers can now leverage our comprehensive SRA services  through HIPAA One’s software platform (built on the NIST Cybersecurity Framework). SRA customers can access our assessor’s notes and findings through the HIPAA One platform during and upon completion of the assessment auto-generated reporting, including the final report of findings, as well as HIPAA One’s remediation management module can be utilized for an enterprise-wide, full-lifecycle and scalable approach to HIPAA security and compliance.

Learn about our Security Risk Assessment
Learn more about HIPAA One Acquisition
During the course of a Security Risk Assessment, we will:

  • Map vulnerabilities identified to both HIPAA (as amended by HITECH and the Omnibus 2013 Final Rule), NIST Cybersecurity Framework and the HITRUST CSF
  • Ensure HIPAA Compliance
  • Draft a comprehensive Report of Findings incorporating practical, real-world remediation recommendations
  • Present findings and recommendations in stakeholders’ briefing session(s)
  • Provide subject matter expertise for senior management decisions, regarding risk
  • Assist with alignment of strategy, business objectives, and information assurance
Get the structure, detail and clarity that you need to:

  • Evaluate HIPAA/HITECH compliance
  • Document current state of security controls
  • Meet the requirements associated with Meaningful Use
  • Identify gaps that pose true business risk
  • Create a practical remediation roadmap
  • Establish a sustainable operating model for information security and privacy
  • Further relationships based on trust and confidence with clients and business partners

Penetration Testing

Penetration Testing uses existing vulnerabilities to uncover security blind spots as well as to determine to what extent they can be exploited. Our penetration testing expert (“ethical hacker”) simulates the actions of an external cyber attacker to expose critical systems and strives to gain access to sensitive data.

We use a mix of proven penetration frameworks and tools containing databases of known exploits that are deployed against a set of discoverable entry points and the services that run on them.

Security Education and Awareness Training

Education and Awareness Program Development

Security vigilance is achieved through staff awareness and education. It is an organization’s most powerful risk mitigation tool.

Our programs feature security experts who make security education engaging and interesting with the goal of increasing competence and confidence.

Education and Awareness Services include:

  • Content and material development for education and awareness training sessions
  • One-time topic workshops
  • Year-long progressive topic development
  • Customized content and topics to suit organizational goals
  • Communication and internal promotion plans and content
  • Tailored topics by audience or skill level
  • Online education and content

Business Impact Analysis

Business Impact Analysis (BIA) is a systematic process to assess and evaluate the potential effects of an interruption to operations as a result of a natural or man-made disaster, accident, or other emergency, and to gather information needed to develop recovery, prevention, and risk mitigation strategies. We conduct Business Impact Analysis in accordance with NIST Special Publication 800-34 and best practices outlined by the Disaster Recovery Institute International (DRII).

Business Impact Analysis (BIA) Report of Findings includes:

  • Mission/business processes and recovery criticality:
  • Outage impacts
  • Maximum tolerable downtime
  • Recovery time objectives
  • Recovery point objectives
  • Resource requirements
  • Recovery priorities for system resources
  • Review of business continuity plan to assess potential gaps and to prepare remediation recommendations

Tabletop Exercises

  • Tabletop exercises are a proven method for practicing the skills and knowledge needed to implement a plan or operation during an incident from within that organization or across several organizations.
  • Our TTXs are discussion-based sessions where team members meet in an informal, classroom setting to discuss their roles during a crisis like, a data breach or disaster recovery scenario, as well as practice their responses to various high-value scenarios. Most tabletop exercises can be conducted in a few hours and create an environment for shared learning and cross-organization collaboration.
  • TTX topics can include business continuity and disaster recovery, as well as various breach management and incident response issues.
ARTICLE: Tabletop Exercises: Unappreciated and Underutilized

Phishing Exercises

  • Phishing campaigns have a two-fold benefit. First, they test an organization’s overall level of awareness about these very common, but high-risk attacks. Second, they create an opportunity to improve user competence for those susceptible to compromise through personalized learning experiences.
  • The best safeguard against targeted phishing attacks is to educate staff and ensure they know how critical their role is in protecting the information they possess. Educating staff on current threats, like phishing attacks, empowers them to become proactive protectors of your organization’s most valuable asset — your data.

Third Party Risk Management Services

Data breaches are on the minds of every C-Suite executive in Healthcare. Third-Parties (i.e., vendors and business partners) with access to an organization’s Protected Health Information (PHI) and/or Personally Identifiable Information (PII) represent a significant risk due to the potential for data breaches. Until recently, Third-Party Risk Management (TPRM) has been primarily treated as a compliance and contract approval “checkpoint”. Due to the significant growth in healthcare data breaches and the awareness of the risk posed by third-party security weaknesses, healthcare organizations have started implementing stronger TPRM programs that try to focus on uncovering true security weaknesses in the hopes of addressing this large-scale problem. However, most organizations struggle to assess their third-parties and business partners effectively, mostly through a patch-work of static forms, lengthy security questionnaires and haphazard email-based communication. Requests come from almost anywhere in the supply chain without consistent information and solid process.

Intraprise Health delivers industry-leading TPRM services provided by certified, expert and proven healthcare security experts. Organizations seeking a security-focused solution and the ability to scale-up to meet their needs can rely on Intraprise Health. Although we customize our program to meet your requirements, our core TPRM services utilize the following approach:

  • Evaluate the current TPRM security environment throughout the Supply Chain
  • Optimize current-state processes and workflows
  • Establish communication and reporting protocols
Intraprise Health’s TPRM solution (adapted to customer environment)

  • Assign each vendor to a risk-based tier (i.e., risk category) based on the vendor’s profile and contracted solution/services
  • Perform standards-based Third-Party evaluations via Intraprise Health Assessments (HIPAA, MU, NIST, HITRUST, PCI, etc)
  •  Coalesce documentation
  • Perform thorough Security Assessment and Audit Evidence
  • Identify and record risks and remediation actions
  • Establish a Corrective Action Plan (CAP) with the Third-Party
  • Track remediation progress of the CAP and re-evaluation milestones
  • Provide status updates, metrics and analysis

Our TPRM Services provide a comprehensive and scalable set of services performed by seasoned experts on a fully or partially outsourced basis. Contact us to learn more about Intraprise Health’s industry-leading TPRM services.

Click here to visit our dedicated HITRUST page

97

Highly rated in the KLAS Cybersecurity Report

100

Healthcare focused

2011

Expert Oversight