TrustCC, Information Security Consulting & Compliance

• Home
• Industries
  • Financial Services
  • Healthcare
  • Retail
  • Government
  • Service Providers
  • Public Companies
  • Higher Education
  • Professional Services
• Solutions & Services
  • IT Compliance
    • GLBA Compliance
    • HIPAA Compliance
    • SOX 404 Compliance
    • PCI DSS Security Preparedness
    • TG-3 PIN Security
  • IT Audit
    • General Controls Audit
    • FFIEC Audit
  • IT Security Testing
    • Comprehensive Security Assessment
    • Penetration Testing
    • Mainframe Security
  • IT Policy and Program
    • Information Security Risk Assessment
      
    • Incident Response
    • IT Security and Compliance Training
    • Business Continuity Planning
    • Policy and Procedure Development
• Resources
  • Articles
  • Checklists and Samples
  • Presentation Materials
  • Case Studies
    • Penetration Testing Case Study
    • Social Engineering and Phishing Case Study
    • Outsourced IT Audit Case Study
    • Policy Development Case Study
  • Partners
  • Useful Links
• Company Info
  • The TrustCC Advantage
  • Management Team
  • Security/Audit Vendor Due Diligence
  • TrustCC's Internal Controls
  • Client Demographics
  • Code of Ethics
  • Job Openings
  • Contact Us
• News & Events
  • News & Press
  • Seminars and Training

HIPAA Compliance

The healthcare industry has undergone a dramatic shift in the way it must handle patient records. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) strongly regulates how patient information may be used and when and how patient information may be shared with partners. While most healthcare organizations had compliance initiatives in 2003 and 2004 to ensure compliance with HIPAA, many organizations have not continued to focus on ongoing HIPAA compliance.

TrustCC’s unique HIPAA Compliance Assessment is specifically designed for Healthcare organizations. The HIPAA Compliance Assessment offering has been scaled to serve the HIPAA security needs of mid-size to large healthcare clinics, hospitals, insurance companies, and large academic and research healthcare facilities.

Designed For:

Healthcare organizations (providers, billing services, insurers, etc.) who desire to periodically re-evaluate their controls designed to protect PHI. This service fulfills HIPAA 164.308 Standard 8 ("Evaluation - Perform a periodic technical and non-technical evaluation... that establishes the extent to which an entity's security policies and procedures meet the requirements of this sub-part.").

What We Typically Provide:

• Policy and Standards Review: Ensure policies and standards address the latest threats and that controls are designed to mitigate these threats.
• Documentation Review: Ensure documentation is maintained to describe significant changes to the controls environment, management reporting, and risk evaluation.
• Security Vulnerability Assessment and Penetration Testing: Technical and physical procedures designed to identify control weaknesses and demonstrate the ability to exploit these weaknesses.
• Treatment Plan: TrustCC will report on the procedures performed, findings, and detailed recommendations to address control and documentation weaknesses.

How You Benefit:

• Know your Risks: You'll be able to prioritize your security initiatives according to your risks and thereby more efficiently reduce the likelihood of a security breach.
• Demonstrate your Controls: You'll know the effectiveness of your controls or the need to invest more resources to protect sensitive information.
• Comply with Regulations: Our assessments are designed to meet HIPAA requirements to test and evaluate key controls.