1. Our Services

    • Risk Assessment

      It is a HIPAA & HITECH MU/EHR mandate. It is an introductory clause in the ISO 27002. Small practices, large health systems, business associates must comply.
    • Business Impact Analysis (BIA)

      Compliance mandates require a Business Impact Analysis (BIA) exercise to be conducted and the IT Disaster Recovery Plan (DRP) to be created and updated reqularly. Are you prepared?
    • Disaster Recovery Plan (DRP)

      Once the BIA is completed, Contingency Plans can be developed using the information identified in the BIA. Typically, two types of Contingency Plans will need to be developed: Emergency Mode Plans for business unit recovery and Disaster Recovery Plans (DRP) for Information Technology (IT) systems and infrastructures.
    • ISO 27000 Consulting & Training

      Discuss ISO 27000 solutions from ecfirst, including ISO 27000 training (one day workshop), ISO 27799 training (one day workshop), ISO 27002 risk assessment and remediation services.
    • Technical Vulnerability Assessment

      One in four has reported a data breach. Compliance mandates require the infrastructure to be assessed from the outside (external), from the inside (internal), firewall (DMZ) and wireless.
    • On Demand Security Consulting

      We at ecfirst refer to this consulting model as - "you can do it, we can help." ecfirst resources may be applied to work along with your IT and compliance personnel to help create and update information security policies, technical procedures, processes, forms, supporting documentation and other required tasks.
    • Managed Compliance Consulting

      Managed Compliance Services Program is tailored to meet HIPAA's requirements and provide you with specialized capability in the areas of vulnerability assessments, BIA and contingency planning, training and certification, as well as audit and evaluation.
  2. Press Release

    • Prepared for HIPAA Audits in 2015?

      "Reduce Risk with Managed Compliance from ecfirst! Over $25 M in HIPAA Fines & 31 M Records Compromised!"
    • Technical Vulnerability Assessment is a HIPAA Compliance Mandate

      "A key requirement of the HIPAA Security Rule compliance mandate is that organizations’ must conduct a comprehensive and thorough assessment of the potentials risks and vulnerabilities to the confidentiality, integrity, and availability of all sensitive information such as PII or PHI."
    • Data breach results in $4.8 million HIPAA settlements

      "Two health care organizations have agreed to settle charges that they potentially violated the HIPAA Privacy and Security Rules by failing to secure thousands of patients EPHI held on their network. The monetary payments of $4,800,000 include the largest HIPAA settlement to date."
    • Information Security Staffing Program (ISSP) from ecfirst

      "ecfirst, an organization rich in hands-on experience delivering information security services across all States in the USA provides the industry’s most flexible program for security staffing. ......"
    • Toolkits for HIPAA, ISO & PCI DSS Released

      "Compliance regulations, such as HIPAA and HITECH, as well as information security standards, such as PCI DSS, ISO 27000 and NIST, establish requirements for mobile device security......"
    • iPCR Product from Forte, Validated as HIPAA Compliant by ecfirst

      "Forte Holdings has combined technological expertise with input from medical workers to develop software that supports and improves patient care and administrative processes within the healthcare industry....."
    • Skagit County, Washington Breach Report Leads to OCR Investigation & HIPAA Fine

      "Skagit County, Washington, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules....."
  3. News & Events

    • Pabrai Security Video Brief

      Checklist for Information Security. Best Practices & Enabling an Audit Ready Program
    • Security Regulatory Compliance Training (CHP+CSCS™)

      This event includes the Certified HIPAA Professional™ (CHP) program as well as the Certified Security Compliance Specialist™ (CSCS™) program...
  4. Virtual ISO

    • Virtual ISO

      ecfirst provides expertise to serve as an organization's Information Security Officer (ISO). Flexible plans exist to address policies, and manage compliance/security projects.
  5. Online Store

    • Online Store

      Download privacy & security policy templates, register for CHP & CSCS classes, access quick reference cards on ISO 27000, HIPAA, HITECH, PCI DSS, NIST, and so much more, exclusively at the Online Store.
    • Checklist

      The Checklist for Information Security includes all of the Checklist documents published by ecfirst.
    • Policy templates

      The ecfirst policy template documents can be easily customized to meet the specific requirements of any type of organization.