It is a HIPAA & HITECH MU/EHR mandate. It is an introductory clause in the ISO 27002. Small practices, large health systems, business associates must comply.
Business Impact Analysis (BIA)
Compliance mandates require a Business Impact Analysis (BIA) exercise to be conducted and the IT Disaster Recovery Plan (DRP) to be created and updated regularly. Are you prepared?
Disaster Recovery Plan (DRP)
Once the BIA is completed, Contingency Plans can be developed using the information identified in the BIA. Typically, two types of Contingency Plans will need to be developed: Emergency Mode Plans for business unit recovery and Disaster Recovery Plans (DRP) for Information Technology (IT) systems and infrastructures.
ISO 27000 Consulting & Training
Discuss ISO 27000 solutions from ecfirst, including ISO 27000 training (one day workshop), ISO 27799 training (one day workshop), ISO 27002 risk assessment and remediation services.
Technical Vulnerability Assessment
One in four has reported a data breach. Compliance mandates require the infrastructure to be assessed from the outside (external), from the inside (internal), firewall (DMZ) and wireless.
On Demand Security Consulting
We at ecfirst refer to this consulting model as "you can do it, we can help." ecfirst resources may be applied to work along with your IT and compliance personnel to help create and update information security policies, technical procedures, processes, forms, supporting documentation and other required tasks.
Managed Compliance Consulting
Managed Compliance Services Program is tailored to meet HIPAA's requirements and provide you with specialized capability in the areas of vulnerability assessments, BIA and contingency planning, training and certification, as well as audit and evaluation.
Cyber Risk = Business Risk, An Exec Brief from ecfirst
IRVINE, CALIFORNIA, USA – May 2, 2015: AT&T settles breach for $25M. Target breach settles at $10M, overall costs in nine figures. The risk from cyber attacks is not significant. It is a Board level issue with organizations today. The intent of this brief is to provide actionable information that senior executives...
Information Security Assessment
Cyber Attacks = Business Risk. Prepared?
"Businesses must conduct a comprehensive and thorough assessment of the potential vulnerabilities to the confidentiality, integrity and availability of all confidential information, such as Personally Identifiable Information (PII). Such assessments must be conducted on a regular schedule, and best practice in the industry is to complete this exercise annually."
ecfirst Video: Compliance & InfoSec Solutions
Cyber Attacks = Business Risk
Prepared for HIPAA Audits in 2015?
"Reduce Risk with Managed Compliance from ecfirst! Over $25 M in HIPAA Fines & 31 M Records Compromised!"
Technical Vulnerability Assessment is a HIPAA Compliance Mandate
"A key requirement of the HIPAA Security Rule compliance mandate is that organizations’ must conduct a comprehensive and thorough assessment of the potentials risks and vulnerabilities to the confidentiality, integrity, and availability of all sensitive information such as PII or PHI."
Data breach results in $4.8 million HIPAA settlements
"Two health care organizations have agreed to settle charges that they potentially violated the HIPAA Privacy and Security Rules by failing to secure thousands of patients EPHI held on their network. The monetary payments of $4,800,000 include the largest HIPAA settlement to date."
Information Security Staffing Program (ISSP) from ecfirst
"ecfirst, an organization rich in hands-on experience delivering information security services across all States in the USA provides the industry’s most flexible program for security staffing. ......"
Toolkits for HIPAA, ISO & PCI DSS Released
"Compliance regulations, such as HIPAA and HITECH, as well as information security standards, such as PCI DSS, ISO 27000 and NIST, establish requirements for mobile device security......"
News & Events
Pabrai Security Video Brief
Checklist for Information Security. Best Practices & Enabling an Audit Ready Program
Certified Security Compliance Specialist™ CSCS™, Philadelphia PA
A 2-Day Instructor-Led Security Compliance Program
The complete two-day CSCS™ program is of value to compliance professionals and managers, security officers, security practitioners, privacy officers and senior IT professionals...
ecfirst provides expertise to serve as an organization's Information Security Officer (ISO). Flexible plans exist to address policies, and manage compliance/security projects.
Download privacy & security policy templates, register for CHP & CSCS classes, access quick reference cards on ISO 27000, HIPAA, HITECH, PCI DSS, NIST, and so much more, exclusively at the Online Store.