Healthcare

For All Healthcare Providers and Payers

• Strategic planning for functioning effectively in an emerging E-Health environment
  • How to integrate EHRs, e-prescribing, RHIOs, and other HIT initiatives within legacy infrastructures
  • How to align and manage major health information systems acquisitions, implementations, and operations consistent with executive and stakeholder requirements and expectations of improved patient safety, streamlined workflows, and regulatory compliance
    
• Practical approaches to meeting security and privacy requirements of HIPAA, HITECH Act, 21 CFR Part 11, 42 CFR Part 2, and other regulatory standards
  • Document analysis: policies, procedures, retention
  • Independent validation and verification of existing risk assessments and risk management plans; performing new risk profiles and go-forth strategies
  • Advice related to international and state-specific privacy and security regulatory drivers and impacts
  • Reviewing specific technical product families for security/privacy compliance and impact
  • Providing expert testimony in civil and criminal proceedings
  • Providing oversight and guidance to information security projects/initiatives

For Academic Medical Centers

• Providing a host of support services focused on regulatory compliance for HIPAA, FERPA, The Common Rule
  • Evaluating organizational regulatory compliance across multiple information-centric statutory requirements
  • Board, executive, managerial, and staff-level compliance training as well as focused IT security and privacy training
  • Coaching new Information Security Officer (s) with either limited AMC experience and/or information security experience; vetting candidates for ISO/CPO positions
  • Comparative analysis of information security levels with peer institutions
  • In depth analysis and, if necessary, recommendations for remediation of existing or planned operational security programs
  • Advice on specific areas of administrative and technological concerns; e.g., single sign-on, secure email, business continuity, incident response, etc.
• Performing initial risk assessments and developing risk management plans and updates to existing risk assessments and risk management plans
• Detailed privacy and security policy and procedure analysis

For Businesses that Provide Information Services to Healthcare clients

• Review or development of security policies and procedures for HIPAA Business Associates
• Performing risk assessments and developing risk management plans for working with healthcare clients.

For Employers with HIPAA-Covered Health Plans 

• Review or development of security policies and procedures
• Performing risk assessments and developing risk management plans

<top>

Financial Services

Gramm-Leach-Bliley Act (GLBA)

• Evaluation of Privacy Rule and Security Rule categories compliance

<top>

Corporate Compliance (Publicly-Traded Companies)

Sarbanes Oxley Act (SOX)

• High level assessment of Section 404 requirements compliance

Seminars, General and Focused Training

• In all of the above industry areas and the listed subject matter

<top>