Healthcare Information Security

Our virtual chief information security officer (vCISO) provides on-demand access to security consulting services that include:

• Information security leadership and guidance
• Executive steering committee leadership or participation
• IT governance participation
• Security compliance management
• Security policy, process and procedure development
• Facilitated tabletop exercises
• Incident response leadership
• Security training and awareness
• Security program assessments
• Internal audits
• Penetration/vulnerability testing
• Social engineering
• Vulnerability assessments
• Risk assessments

Baker Tilly helps bring covered entities and business associates into compliance with the Health Insurance Portability and Accountability Act (HIPAA) with our tools, resources and collective experience. HIPAA requires covered entities and business associates to comply with the rules requirements to protect the security of protected health information (PHI). The security rules require the following safeguards:

• Administrative
• Physical
• Technical

Our HIPAA security risk assessment offerings allow you to select the program that is right sized for your organization. Our assessment offerings all include a year-long subscription to a SaaS HIPAA security risk analysis, documentation, remediation and reporting tool, and a level of vCISO guidance tailored to meet your needs and mitigate risk.

Our team can provide a formal review of your risk assessment findings, including:

• Developing options for remediation of risk
• Creating a remediation project plan based on analyses and decisions
• Leading the remediation project or providing assistance as needed – the approach is tailored to your needs

Our healthcare information security team has developed several Governance Advisory offerings, including:

Information security governance

• Governance development
• Creating metrics and reporting
• Mentorship
• Information security role-based training and periodic awareness training for continued compliance
• Assessment of your security controls and development of user provisioning across the organization
• Audits of the assets and controls

Focus on the fundamentals

• We collaborate with you to develop a holistic information security strategy
• We perform data classification and an asset inventory (i.e., data, people, software, hardware, etc.)
• We align data and assets for compliance positioning (HIPAA, HITECH, MU, PCI DSS, state regulations, etc.)