Aspects of HIPAA define policies, procedures and guidelines for maintaining the privacy and security of individually identifiable health information, outline numerous offenses relating to health care, and set civil and criminal penalties for violations. HIPAA also creates several programs to control fraud and abuse within the health care system.
We help you comply with HIPAA regulations by performing a gap analysis, constructing implementation plans or providing policies, procedures and resources. We can also assist you in assessing the business impact of HIPAA regarding the applicability of regulations, and its effect on business processes, controls and reporting requirements. These are the services we provide to help you gain and remain in compliance:
Information Security & Privacy Services
Brown Smith Wallace's risk advisory services help our clients prevent the information security attacks and data exposures that challenge organizations. The goal is to effectively manage and control these risks. All too often, organizations are unaware of the information security risks they face and are unable to manage those risks in the event of an information security or privacy breach.
Businesses may face potential litigation, regulatory fines, and reputation issues if sensitive information is not properly protected. The risks are typically higher in industries with complex regulatory requirements, in organizations that are unable to determine what constitutes sensitive data and in organizations that lack an integrated approach to data privacy.
Our team of highly experienced security & privacy professionals will examine your critical business systems and determine the level of exposure you have to internal and external threats. We provide a wide array of security and privacy services listed below to assist organizations in identifying and addressing potential security exposures, such as loss of customer data, loss of revenue and reputation damage, before they become problems. Our services include:
- Security Assessment: vulnerability assessment, attack and penetration testing, web application and client/server application security, wireless security, social engineering, physical security
- Risk Management: HIPAA program assessment, ISO 27002 gap analysis, security policy development and review, security program guidance, risk program development and assessment
- Data Security and Privacy: data classification and retention review, data discovery and data loss prevention (DLP)
- Incident Response and Forensic Services: digital forensics, eDiscovery and litigation services, incident response, incident response program guidance
- Security Controls Assessment: firewall policy assessment, security and IT architecture review, voice over IP infrastructure review, database security review
- Staff Augmentation and Training: chief information security officer (CISO) as you grow, security staffing, security awareness program development and training, security and IT training
With our help, our clients have been able to dramatically reduce their security and privacy risks by conducting gap assessments and implementing remediation plans.
Did you know that 50% of companies experiencing a computer outage will be forced to close within five years?
We can help you develop a disaster recovery and business continuity plan that documents the necessary procedures to restore business operations in the event of a disaster. Working with this plan will enable you to take proactive steps before a disaster occurs.
Whether we review an existing plan or help you establish a new one, we apply the same methodical, logical approach. We take a holistic approach to developing your business continuity or disaster recovery plan by focusing on your restoration objectives. The areas typically covered include human resources, facilities management, communication systems, information technology, infrastructure resources and media relations.
The major credit card issuers created PCI (Payment Card Industry) compliance standards to protect personal information and ensure security when transactions are processed using a payment card. All members of the payment card industry (financial institutions, credit card companies and merchants) must comply with these standards if they want to accept credit cards. Failure to meet compliance standards can result in fines from credit card companies and banks and even the loss of the ability to process credit cards.
There are six categories of PCI standards that must be met in order for a retailer to be deemed compliant. They are:
- Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy