ATSEC INFORMATION SECURITY OFFERS EXPERTISE ON
A WIDE RANGE OF IT SECURITY SERVICES AND SOLUTIONS
HIPAA
What atsec offers:
atsec information security has a long history of security assessments under various standards including ISO 27001 (BS 7799), the Federal Information Security Management Act (FISMA), and Payment Card Information Data Security Standard (PCI DSS). atsec is available to provide HIPAA consulting services to clients throughout the United States. We understand that developing, implementing, and maintaining a sustainable information security program conformant to the HIPAA standards is both resource intensive and complex. atsec’s qualified consultants offer these services:
- Education & Awareness - atsec can tailor a training program to help you raise awareness on HIPAA rules and regulations. We will customize the training program to meet the needs of your organization, whether it is for your Compliance Team, your employees or your Information Technology staff.
- Risk Work Out Sessions - Our Risk Work Out process begins with a security self-assessment checklist and interviews with the individuals responsible for security and compliance in your organization. During the interview process, we will focus on your goals, areas of concern, and specific financial issues. This information is then used to produce a remediation report detailing current security levels, program strengths and potential areas for improvement.
- Security Program Planning - Our security consultants will provide a detailed analysis of the scope, skills, and timeline required to achieve your goals. We will provide staffing requirements, detailed project plans for each of the areas you wish to address, and the timelines required to meet your security strategies.
- Security Program Implementation - As a valued asset, information must be managed and protected from internal and external threats. In order to protect its information assets, an organization must develop sustainable security measures and integrate those measures into its business processes. ISO/IEC 27001 and its related code of practice, ISO/IEC 17799 (which will be renumbered to ISO/IEC 27002 as part of the emerging ISO/IEC 27000 family of standards), provide internationally-accepted, standardized criteria to implement an effective information security management system (ISMS). Our understanding of the healthcare environment, along with our quality ISMS consulting services, allows atsec to bring a comprehensive set of security skills, knowledge, and objectivity to your Security Program.
- Risk Management - According to the United States Department of Health and Human Services, “a covered entity must periodically review and update its security measures and documentation in response to environmental and operational changes that affect security of its ePHI.” We will help you develop a fully integrated risk management life-cycle process which takes into account new technologies and business processes.
Why our services are important to you
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the United States Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health information. It required HHS to establish national standards for the security of electronic health care information. The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. The final rule defines a set of administrative, technical, and physical security safeguards that covered entities must implement and continually assess to assure the confidentiality of electronic protected health information. Each safeguard includes standards. The standards are delineated into either required or addressable implementation specifications. The actual HIPAA rules and detailed requirements that the healthcare industry has to follow are contained within the Administrative Simplification provisions of HIPAA, which fall under Title II (Fraud and Abuse) of the HIPAA act. These provisions are intended to reduce the costs and administrative burdens of healthcare by making possible the standardized, electronic transmission of administrative and financial transactions that are currently executed manually and on paper.
As a respected leader in the IT security industry, atsec is a trustworthy partner as your consultant for HIPAA projects. We understand security and privacy issues in great depth, and can back this up with a wealth of experience. What's more, as an independent IT security consulting enterprise of proven integrity, atsec offers you unbiased advice focused on the needs of your business, as well as ensuring that the requirements of the legislation are satisfied.
