Risk Analysis
Fortified’s HIPAA Risk Analysis is a very rigorous and detailed identification and prioritization of key risks currently facing our healthcare partners. Our HIPAA Risk Analysis explores the likelihood of a potential breach and the magnitude of its impact by assessing the physical, administrative and technical information security controls and safeguards outlined by the HIPAA Security Rule.
This service centers on threats, vulnerabilities, the risk they pose, and the controls recommended for mitigating those risks. Fortified Health closely adopts the NIST (National Institute of Standards & Technology) recommended methodology for conducting the HIPAA Risk Analysis.
This methodology, while modified to some extent by Fortified for our clients’ specific needs, is widely accepted as the “gold standard” for conducting risk analyses. The risk analysis, coupled with vulnerability scanning, brings a comprehensive view of organizational risk from a strategic, operational and tactical perspective.
The Fortified Difference
Unlike some risk assessments, we actually scan your current environment through a technical scan versus a simple technical questionnaire. This provides a higher level of understanding versus a traditional assessment — especially with respect to vulnerabilities that might be exploited if not properly addressed.
Fortified will conduct a mock audit utilizing the HIPAA Security Rule, Privacy Rule, Breach Notification Rule in accordance with the OCR Audit Protocol, as a baseline.
The scope of work will consist of:
- Remote documentation review
- On-site facility walkthroughs
- Key personnel interviews
- Review organizational policy/procedures
We will structure the engagement to be reflective of an actual audit, employing restrictive timelines for documentation submission as well as requiring detailed evidence to demonstrate implementation of the administrative, technical and physical safeguards of the HIPAA Security Rule, as well as the selected standards and implementation specifications of the HIPAA Privacy and Breach Notification Rules. This comprehensive approach simulates the high intensity environment that you can expect to feel from an audit by OCR or other auditing bodies.
Fortified’s Sensitive Information Discovery process will scan, locate, and secure sensitive data throughout your network. Through our partner Digital Guardian’s TrueDLP Discovery module, we will locate, identify, and secure sensitive data throughout the network, proactively reducing data loss risk while providing visibility and auditing of potentially unsecured information. Detailed audit logging and reports provide administrators and auditors with the information needed to demonstrate compliance, protect confidential information, and reduce data-loss risk. Discovery Data Loss Prevention finds and remediates confidential data on SAN, NAS, databases, content management systems, laptops, workstations, servers and web sites.
Penetration testing is a proven methodology that replicates real-world attack scenarios, testing your IT infrastructure so that you can protect confidential data from today’s threats. We provide actionable reports and prioritized recommendations – all customized to your healthcare organization.
Penetration testing methodology is carried out through seven stages, beginning with scope and definition and concluding with project clean up. This staged approach allows for a consistent and reliable testing process.
Quickly becoming the Gold Standard within the healthcare industry, a HITRUST Certification sets an organization head and shoulders above its peers with regard to a functioning, sound security program. Covered Entities (CE) and Business Associates (BA) alike can benefit from the prescriptive nature of the Common Security Framework (CSF) controls, as outlined by the HITRUST Alliance.
Fortified Health Security is an approved HITRUST CSF Assessor. Our staff is prepared and experienced in providing certification, validation and self-assessment assistance services. The HITRUST CSF was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.