1. Our Services

    • MARS-E, Exchange Security

      Discuss your priorities for MARS-E assessment and how ecfirst can partner with your entity to meet the minimum set of standards that Exchanges must address.
    • Risk Assessment

      It is a HIPAA & HITECH MU/EHR mandate. It is an introductory clause in the ISO 27002. Small practices, large health systems, business associates must comply.
    • Business Impact Analysis (BIA)

      Compliance mandates require a Business Impact Analysis (BIA) exercise to be conducted and the IT Disaster Recovery Plan (DRP) to be created and updated regularly. Are you prepared?
    • Disaster Recovery Plan (DRP)

      Once the BIA is completed, Contingency Plans can be developed using the information identified in the BIA. Typically, two types of Contingency Plans will need to be developed: Emergency Mode Plans for business unit recovery and Disaster Recovery Plans (DRP) for Information Technology (IT) systems and infrastructures.
    • ISO 27000 Consulting & Training

      Discuss ISO 27000 solutions from ecfirst, including ISO 27000 training (one day workshop), ISO 27799 training (one day workshop), ISO 27002 risk assessment and remediation services.
    • Technical Vulnerability Assessment

      One in four has reported a data breach. Compliance mandates require the infrastructure to be assessed from the outside (external), from the inside (internal), firewall (DMZ) and wireless.
    • On Demand Security Consulting

      We at ecfirst refer to this consulting model as - "you can do it, we can help." ecfirst resources may be applied to work along with your IT and compliance personnel to help create and update information security policies, technical procedures, processes, forms, supporting documentation and other required tasks.
    • Managed Compliance Consulting

      Managed Compliance Services Program is tailored to meet HIPAA's requirements and provide you with specialized capability in the areas of vulnerability assessments, BIA and contingency planning, training and certification, as well as audit and evaluation.
  2. Press Release

    • Pabrai Delivers Keynote Address in New York Conference

      September 18, 2014
      "Explore topics from business-critical fields of assurance, risk, security, governance, compliance and audit and the latest “megatrends.” Find solutions to help you work smarter, not harder."
    • Prepared for HIPAA Audits in 2014?

      "Reduce Risk with Managed Compliance from ecfirst! Over $25 M in HIPAA Fines & 31 M Records Compromised!"
    • Technical Vulnerability Assessment is a HIPAA Compliance Mandate

      "A key requirement of the HIPAA Security Rule compliance mandate is that organizations must conduct a comprehensive and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all sensitive information such as PII or PHI."
    • Data breach results in $4.8 million HIPAA settlements

      "Two health care organizations have agreed to settle charges that they potentially violated the HIPAA Privacy and Security Rules by failing to secure thousands of patients' EPHI held on their network. The monetary payments of $4,800,000 include the largest HIPAA settlement to date."
    • Information Security Staffing Program (ISSP) from ecfirst

      "ecfirst, an organization rich in hands-on experience delivering information security services across all States in the USA provides the industry’s most flexible program for security staffing. ......"
    • Toolkits for HIPAA, ISO & PCI DSS Released

      "Compliance regulations, such as HIPAA and HITECH, as well as information security standards, such as PCI DSS, ISO 27000 and NIST, establish requirements for mobile device security......"
    • iPCR Product from Forte, Validated as HIPAA Compliant by ecfirst

      "Forte Holdings has combined technological expertise with input from medical workers to develop software that supports and improves patient care and administrative processes within the healthcare industry....."
    • Skagit County, Washington Breach Report Leads to OCR Investigation & HIPAA Fine

      "Skagit County, Washington, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules....."
    • Pabrai Compiles HIPAA Security Rule: Reference Guide, A Must Have Colorful Guide to HIPAA Compliance

      "IRVINE, CALIFORNIA, USA – March 2, 2014: The HIPAA regulations require covered entities and business associates to comply with the HIPAA Security Rule ...."
  3. News & Events

    • Pabrai Security Video Brief

      Checklist for Information Security. Best Practices & Enabling an Audit Ready Program
    • Pabrai Presents Art of Performing Security Assessments

      Pabrai Presents Art of Performing Security Assessments at HCCA Conference, Oct 12-14, 2014
    • CSCS™, Las Vegas Nov 20-21, 2014

      A 2-Day Instructor-Led Security Compliance Program. CSCS™, World's First Cyber Security & Compliance Program in India! Examine ISO 27000, PCI DSS, HIPAA, HITECH & More. The CSCS™ credential is a job-role based designation. This program is designed to enable professionals to understand, prioritize and ultimately assist organizations in achieving compliance with information security-based regulations.
    • ASIS 8th Asia-Pacific Security Forum & Exhibition, 7-9 December 2014, Singapore

      Set for 7-9 December 2014, in Singapore in the spectacular Sands Expo and Convention Center at the Marina Bay Sands, this unique business summit will address a full spectrum of topics in security management such as: supply chain security, loss prevention, hotel security, intellectual property, maritime piracy..
  4. Virtual ISO

    • Virtual ISO

      ecfirst provides expertise to serve as an organization's Information Security Officer (ISO). Flexible plans exist to address policies, and manage compliance/security projects.
  5. Online Store

    • Online Store

      Download privacy & security policy templates, register for CHP & CSCS classes, access quick reference cards on ISO 27000, HIPAA, HITECH, PCI DSS, NIST, and so much more, exclusively at the Online Store.
    • Checklist

      The Checklist for Information Security includes all of the Checklist documents published by ecfirst.
    • Policy templates

      The ecfirst policy template documents can be easily customized to meet the specific requirements of any type of organization.
HIPAA Security Rule

The HIPAA Security Rule establishes national...