Security Services
Our goal is to craft a comprehensive program based on vigilant security controls, organizational resilience, and expert oversight.
The Intraprise Health Security Difference
Our security services have been at the vanguard of healthcare information privacy and security since 2009. Completely healthcare focused, we provide advisory services and solutions to meet the information security needs you face now and in the future.
- Security Risk Assessment
- Penetration Testing
- Security Education
- Business Impact Analysis
- Tabletop Exercises
- Phishing Exercises
- Third Party Risk Management Services
- HITRUST
Security Risk Assessment
Our Security Risk Assessment (SRA) offering now combines Intraprise Health’s highly rated security services with the industry’s leading HIPAA SRA software platform, HIPAA One®, to deliver a complete SRA solution for healthcare. With the recent acquisition of HIPAA One, Intraprise Health’s customers can now leverage our comprehensive SRA services through HIPAA One’s software platform (built on the NIST Cybersecurity Framework). SRA customers can access our assessor’s notes and findings through the HIPAA One platform during and upon completion of the assessment auto-generated reporting, including the final report of findings, as well as HIPAA One’s remediation management module can be utilized for an enterprise-wide, full-lifecycle and scalable approach to HIPAA security and compliance.
Intraprise Health’s SRA solution looks at an organization’s information security and risk management program in a collaborative, standards-based, and compliance-aware approach. Our Security Risk Assessment solution includes strategic, operational, and tactical assessments performed by seasoned cyber security experts in order to achieve comprehensive risk mitigation.
Progressive healthcare organizations perform a Security Risk Assessment/HIPAA Risk Analysis on an annual basis in order to maintain HIPAA compliance and fulfill their obligations to PHI security and privacy. Our cyber security professionals have deep HIPAA expertise and are armed with the latest scanning tools, techniques and the HIPAA One SRA platform. Using online questionnaires, document reviews, client interviews, physical walk-throughs, where possible, of facilities and internal and external vulnerability testing, Intraprise Health’s security risk assessments analyze large amounts of information. This gives us the most meaningful and accurate vulnerability intelligence for risk analysis and remediation planning.
Learn more about HIPAA One Acquisition
Take a fresh look at your Annual Security Risk Assessment (SRA)
During the course of a Security Risk Assessment, we will:
- Map vulnerabilities identified to both HIPAA (as amended by HITECH and the Omnibus 2013 Final Rule), NIST Cybersecurity Framework and the HITRUST CSF
- Ensure HIPAA Compliance
- Draft a comprehensive Report of Findings incorporating practical, real-world remediation recommendations
- Present findings and recommendations in stakeholders’ briefing session(s)
- Provide subject matter expertise for senior management decisions, regarding risk
- Assist with alignment of strategy, business objectives, and information assurance
Get the structure, detail and clarity that you need to:
- Evaluate HIPAA/HITECH compliance
- Document current state of security controls
- Meet the requirements associated with Meaningful Use
- Identify gaps that pose true business risk
- Create a practical remediation roadmap
- Establish a sustainable operating model for information security and privacy
- Further relationships based on trust and confidence with clients and business partners
Penetration Testing
Penetration Testing uses existing vulnerabilities to uncover security blind spots as well as to determine to what extent they can be exploited. Our penetration testing expert (“ethical hacker”) simulates the actions of an external cyber attacker to expose critical systems and strives to gain access to sensitive data.
We use a mix of proven penetration frameworks and tools containing databases of known exploits that are deployed against a set of discoverable entry points and the services that run on them.
Security Education and Awareness Training
Education and Awareness Program Development
Security vigilance is achieved through staff awareness and education. It is an organization’s most powerful risk mitigation tool.
Our programs feature security experts who make security education engaging and interesting with the goal of increasing competence and confidence.
Education and Awareness Services include:
- Content and material development for education and awareness training sessions
- One-time topic workshops
- Year-long progressive topic development
- Customized content and topics to suit organizational goals
- Communication and internal promotion plans and content
- Tailored topics by audience or skill level
- Online education and content
Business Impact Analysis
Business Impact Analysis (BIA) is a systematic process to assess and evaluate the potential effects of an interruption to operations as a result of a natural or man-made disaster, accident, or other emergency, and to gather information needed to develop recovery, prevention, and risk mitigation strategies. We conduct Business Impact Analysis in accordance with NIST Special Publication 800-34 and best practices outlined by the Disaster Recovery Institute International (DRII).
Business Impact Analysis (BIA) Report of Findings includes:
- Mission/business processes and recovery criticality:
- Outage impacts
- Maximum tolerable downtime
- Recovery time objectives
- Recovery point objectives
- Resource requirements
- Recovery priorities for system resources
- Review of business continuity plan to assess potential gaps and to prepare remediation recommendations
Tabletop Exercises
- Tabletop exercises are a proven method for practicing the skills and knowledge needed to implement a plan or operation during an incident from within that organization or across several organizations.
- Our TTXs are discussion-based sessions where team members meet in an informal, classroom setting to discuss their roles during a crisis like, a data breach or disaster recovery scenario, as well as practice their responses to various high-value scenarios. Most tabletop exercises can be conducted in a few hours and create an environment for shared learning and cross-organization collaboration.
- TTX topics can include business continuity and disaster recovery, as well as various breach management and incident response issues.
Phishing Exercises
- Phishing campaigns have a two-fold benefit. First, they test an organization’s overall level of awareness about these very common, but high-risk attacks. Second, they create an opportunity to improve user competence for those susceptible to compromise through personalized learning experiences.
- The best safeguard against targeted phishing attacks is to educate staff and ensure they know how critical their role is in protecting the information they possess. Educating staff on current threats, like phishing attacks, empowers them to become proactive protectors of your organization’s most valuable asset — your data.
Third Party Risk Management Services
Data breaches are on the minds of every C-Suite executive in Healthcare. Third-Parties (i.e., vendors and business partners) with access to an organization’s Protected Health Information (PHI) and/or Personally Identifiable Information (PII) represent a significant risk due to the potential for data breaches. Until recently, Third-Party Risk Management (TPRM) has been primarily treated as a compliance and contract approval “checkpoint”. Due to the significant growth in healthcare data breaches and the awareness of the risk posed by third-party security weaknesses, healthcare organizations have started implementing stronger TPRM programs that try to focus on uncovering true security weaknesses in the hopes of addressing this large-scale problem. However, most organizations struggle to assess their third-parties and business partners effectively, mostly through a patch-work of static forms, lengthy security questionnaires and haphazard email-based communication. Requests come from almost anywhere in the supply chain without consistent information and solid process.
Intraprise Health delivers industry-leading TPRM services provided by certified, expert and proven healthcare security experts. Organizations seeking a security-focused solution and the ability to scale-up to meet their needs can rely on Intraprise Health. Although we customize our program to meet your requirements, our core TPRM services utilize the following approach:
- Evaluate the current TPRM security environment throughout the Supply Chain
- Optimize current-state processes and workflows
- Establish communication and reporting protocols
Intraprise Health’s TPRM solution (adapted to customer environment)
- Assign each vendor to a risk-based tier (i.e., risk category) based on the vendor’s profile and contracted solution/services
- Perform standards-based Third-Party evaluations via Intraprise Health Assessments (HIPAA, MU, NIST, HITRUST, PCI, etc)
- Coalesce documentation
- Perform thorough Security Assessment and Audit Evidence
- Identify and record risks and remediation actions
- Establish a Corrective Action Plan (CAP) with the Third-Party
- Track remediation progress of the CAP and re-evaluation milestones
- Provide status updates, metrics and analysis
Our TPRM Services provide a comprehensive and scalable set of services performed by seasoned experts on a fully or partially outsourced basis. Contact us to learn more about Intraprise Health’s industry-leading TPRM services.
Click here to visit our dedicated HITRUST page
