1. Our Services

    • MARS-E, Exchange Security

      Discuss your priorities for MARS-E assessment and how ecfirst can partner with your entity to meet the minimum set of standards that Exchanges must address.
    • Risk Assessment

      Risk assessment is a HIPAA & HITECH MU/EHR mandate and an introductory clause in ISO 27002. Small practices, large health systems and business associates must comply.
    • Business Impact Analysis (BIA)

      Compliance mandates require a Business Impact Analysis (BIA) exercise to be conducted and the IT Disaster Recovery Plan (DRP) to be created and updated regularly. Are you prepared?
    • Disaster Recovery Plan (DRP)

      Once the BIA is completed, Contingency Plans can be developed using the information identified in the BIA. Typically, two types of Contingency Plans will need to be developed: Emergency Mode Plans for business unit recovery and Disaster Recovery Plans (DRP) for Information Technology (IT) systems and infrastructures.
    • ISO 27000 Consulting & Training

      Discuss ISO 27000 solutions from ecfirst, including ISO 27000 training (one day workshop), ISO 27799 training (one day workshop), ISO 27002 risk assessment and remediation services.
    • Technical Vulnerability Assessment

      One in four has reported a data breach. Compliance mandates require the infrastructure to be assessed from the outside (external), from the inside (internal), firewall (DMZ) and wireless.
    • On Demand Security Consulting

      We at ecfirst refer to this consulting model as "you can do it, we can help." ecfirst resources may be applied to work along with your IT and compliance personnel to help create and update information security policies, technical procedures, processes, forms, supporting documentation and other required tasks.
    • Managed Compliance Consulting

      The Managed Compliance Services Program is tailored to meet HIPAA's requirements and provide you with specialized capability in the areas of vulnerability assessments, BIA and contingency planning, training and certification, as well as audit and evaluation.
  2. Press Release

    • Information Security Staffing Program (ISSP) from ecfirst

      "ecfirst, an organization rich in hands-on experience delivering information security services across all States in the USA provides the industry’s most flexible program for security staffing. ......"
    • Toolkits for HIPAA, ISO & PCI DSS Released

      "Compliance regulations, such as HIPAA and HITECH, as well as information security standards, such as PCI DSS, ISO 27000 and NIST, establish requirements for mobile device security......"
    • ISSA Phoenix Features Pabrai Brief on BYOD & Compliance Mandates: Audit Ready? April 8, 2014

      "Compliance regulations, such as HIPAA and HITECH, as well as information security standards, such as PCI DSS, ISO 27000 and NIST, establish requirements for mobile device security......"
    • iPCR Product from Forte, Validated as HIPAA Compliant by ecfirst

      "Forte Holdings has combined technological expertise with input from medical workers to develop software that supports and improves patient care and administrative processes within the healthcare industry....."
    • Skagit County, Washington Breach Report Leads to OCR Investigation & HIPAA Fine

      "Skagit County, Washington, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules....."
    • Pabrai Compiles HIPAA Security Rule: Reference Guide, A Must Have Colorful Guide to HIPAA Compliance

      "IRVINE, CALIFORNIA, USA – March 2, 2014: The HIPAA regulations require covered entities and business associates to comply with the HIPAA Security Rule ...."
    • Cyber Security & Compliance Expert Pabrai Discuss HIPAA Self Attestation Checklist @ HIMSS, Orlando, Feb 24-25

      "HIPAA (ecfirst) - The Final Privacy and Security Rules of HIPAA have escalated the compliancy efforts of every healthcare organization. ecfirst will present key components of the new regulations..."
    • Cyber Security Expert, Pabrai, Releases Self-Attestation Checklist for HIPAA Compliance

      "IRVINE, CALIFORNIA, USA – Feb 6: We are surrounded by headlines every day about businesses and organizations compromised by cyber attacks."
    • MARS-E, Exchange Security

      "DES MOINES, IOWA, USA – February 6, 2014: There is no integrated, comprehensive approach to security and privacy ..."
    • Middle East Security Conference Features U.S. Cyber Security Expert Pabrai

      "IRVINE, CALIFORNIA, USA - Jan 24, 2014: The recent massive data breach at U.S. retail giant Target is becoming a nightmare."
    • Pabrai Speaks on Cyber Security

      "Pabrai Speaks on Cyber Security Threats in 2014 @ ASIS Middle East Security Conference in Dubai, UAE on February 17"
  3. News & Events

    • Pabrai Security Video Brief

      Checklist for Information Security. Best Practices & Enabling an Audit Ready Program
    • Pabrai Presents on Cyber Security

      Pabrai Presents on Cyber Security & Compliance at Massachusetts Medical Society’s Conference, April 30, 2014
    • CSCS™, Denver May 15-16, 2014

      A 2-Day Instructor-Led Security Compliance Program. CSCS™, World's First Cyber Security & Compliance Program in India! Examine ISO 27000, PCI DSS, HIPAA, HITECH & More. CSCS™ credential is a job-role based designation. This program is designed to enable professionals to understand, prioritize and ultimately assist organizations achieve compliance with information security-based regulations.
    • CSCS™, Bengaluru, IND June 11-12, 2014

      A 2-Day Instructor-Led Security Compliance Program. CSCS™, World's First Cyber Security & Compliance Program in India! Examine ISO 27000, PCI DSS, HIPAA, HITECH & More. CSCS™ credential is a job-role based designation.
    • CSCS™, Chicago, IL June 19-20, 2014

      A 2-Day Instructor-Led Security Compliance Program. CSCS™, World's First Cyber Security & Compliance Program in India! Examine ISO 27000, PCI DSS, HIPAA, HITECH & More. CSCS™ credential is a job-role based designation.
    • CSCS™, Washington, D.C. July 24-25, 2014

      A 2-Day Instructor-Led Security Compliance Program. CSCS™, World's First Cyber Security & Compliance Program in India! Examine ISO 27000, PCI DSS, HIPAA, HITECH & More. CSCS™ credential is a job-role based designation. This program is designed to enable professionals to understand, prioritize and ultimately assist organizations achieve compliance with information security-based regulations.
    • CSCS™, Las Vegas Nov 20-21, 2014

      A 2-Day Instructor-Led Security Compliance Program. CSCS™, World's First Cyber Security & Compliance Program in India! Examine ISO 27000, PCI DSS, HIPAA, HITECH & More. CSCS™ credential is a job-role based designation. This program is designed to enable professionals to understand, prioritize and ultimately assist organizations achieve compliance with information security-based regulations.
  4. Virtual ISO

    • Virtual ISO

      ecfirst provides expertise to serve as an organization's Information Security Officer (ISO). Flexible plans exist to address policies, and manage compliance/security projects.
  5. Online Store

    • Online Store

      Download privacy & security policy templates, register for CHP & CSCS classes, access quick reference cards on ISO 27000, HIPAA, HITECH, PCI DSS, NIST, and so much more, exclusively at the Online Store.
HIPAA Security Rule

The HIPAA Security Rule establishes national...