In an environment of increasing and evolving threats, our team of specialists can help you build and manage an effective information security program.

    Information security consulting you can trust

    Information security is a critical priority within every healthcare environment. With cybersecurity breaches becoming more frequent and complex, pressure is growing to refine information security strategies and to strengthen protection of patient information and healthcare systems.

    At Baker Tilly, our healthcare information security team is focused on providing highly experienced security professionals to support and strengthen your enterprise security posture. By taking a risk-centered approach, we help ensure that security programs are managed cost-effectively.

    Our virtual chief information security officer (vCISO) provides on-demand access to security consulting services that include:

    • Information security leadership and guidance
    • Executive steering committee leadership or participation
    • IT governance participation
    • Security compliance management
    • Security policy, process and procedure development
    • Facilitated tabletop exercises
    • Incident response leadership
    • Security training and awareness
    • Security program assessments
    • Internal audits
    • Penetration/vulnerability testing
    • Social engineering
    • Vulnerability assessments
    • Risk assessments

    Baker Tilly helps bring covered entities and business associates into compliance with the Health Insurance Portability and Accountability Act (HIPAA) with our tools, resources and collective experience. HIPAA requires covered entities and business associates to comply with the rules' requirements to protect the security of protected health information (PHI). The security rules require the following safeguards:

    • Administrative
    • Physical
    • Technical

    Our HIPAA security risk assessment offerings allow you to select the program that is right sized for your organization. Our assessment offerings all include a year-long subscription to a SaaS HIPAA security risk analysis, documentation, remediation and reporting tool, and a level of vCISO guidance tailored to meet your needs and mitigate risk.

    Our team can provide a formal review of your risk assessment findings, including:

    • Developing options for remediation of risk
    • Creating a remediation project plan based on analyses and decisions
    • Leading the remediation project or providing assistance as needed – the approach is tailored to your needs

    Our healthcare information security team has developed several Governance Advisory offerings, including:

    Information security governance

    • Governance development
    • Creating metrics and reporting
    • Mentorship
    • Information security role-based training and periodic awareness training for continued compliance
    • Assessment of your security controls and development of user provisioning across the organization
    • Audits of the assets and controls

    Focus on the fundamentals

    • We collaborate with you to develop a holistic information security strategy
    • We perform data classification and an asset inventory (e.g., data, people, software and hardware)
    • We align data and assets for compliance positioning (HIPAA, HITECH, MU, PCI DSS, state regulations, etc.)

    Experience matters

    We have the knowledge

    Our interoperability and system integration professionals are accomplished, long-term employees. Most have on average 15 years of healthcare IT experience and are specialists in two or more engines. We invest extensively in employee development to ensure you receive the benefit of their cutting-edge skills.

    We have the professionals

    Our healthcare information security professionals possess on average more than 23 years of experience in the healthcare industry and maintain technical certifications which include CISSP, CCISO, CISM, CISA, Security+ and Epic Certified Security Coordinator.

    We have the approach

    We start with understanding your information security needs. Whether it’s developing a strategy, implementing a plan, monitoring compliance, providing security awareness and training, or performing risk remediation, we tailor our solutions to meet your specific needs.

    Information security specialists you can trust