The Marblehead Group is dedicated to privacy and information security, particularly in the healthcare industry where compliance is mandated. We specialize in helping clients understand the real intent of federal, state, and business regulations – and then helping them to comply. While HIPAA was the wake-up call for many organizations, its rules have been followed by the Payment Card Industry Data Security Standards (PCI DSS) affecting every entity that accepts payment in plastic, the Federal Trade Commission’s Red Flags rule affecting any entity that extends credit to its patients and customers, and ever more stringent state privacy and security laws.

We work with clients to identify, assess, and mitigate their privacy and security risks to achieve due diligence and regulatory compliance with reasonable measures.

The Marblehead Group has been an expert security and privacy consultancy since 1999. Our services apply to any industry, and our client list covers the full spectrum of the healthcare industry including:

• integrated healthcare delivery systems
• academic medical centers
• community hospitals
• small provider groups
• government agencies
• health plans
• business associates such as software vendors
• healthcare professional associations

The unique qualifications of founder Kate Borten, CISSP, CISM, and our special focus on healthcare security and privacy mean that our clients get the best.

Security rule compliance tips

  • Include the administrative and physical components of security - not just the technical aspects - in your risk analysis.
  • Put your information security officer (ISO) in a reporting relationship with necessary authority to carry out the security mission. For example, have the ISO report to both your CIO and CEO.
  • Document other security roles and their responsibilities, such as your information owners.  Train personnel in these roles, and hold them accountable.



© 2009 The Marblehead Group • 1 Martin Terrace • Marblehead, MA • 01945 • Tel: 781/639-0532