INFORMATION SECURITY & PRIVACY CONSULTING FOR THE HEALTHCARE INDUSTRY
The Marblehead Group is dedicated to privacy and information security, particularly in the healthcare industry where compliance is mandated. We specialize in helping clients understand the real intent of federal, state, and business regulations – and then helping them to comply. While HIPAA was the wake-up call for many organizations, its rules have been followed by the Payment Card Industry Data Security Standards (PCI DSS) affecting every entity that accepts payment in plastic, the Federal Trade Commission’s Red Flags rule affecting any entity that extends credit to its patients and customers, and ever more stringent state privacy and security laws.
We work with clients to identify, assess, and mitigate their privacy and security risks to achieve due diligence and regulatory compliance with reasonable measures.
The Marblehead Group has been an expert security and privacy consultancy since 1999. Our services apply to any industry, and our client list covers the full spectrum of the healthcare industry including:
• integrated healthcare delivery systems
• academic medical centers
• community hospitals
• small provider groups
• government agencies
• health plans
• business associates such as software vendors
• healthcare professional associations
The unique qualifications of founder Kate Borten, CISSP, CISM, and our special focus on healthcare security and privacy mean that our clients get the best.
Security rule compliance tips
- Include the administrative and physical components of security - not just the technical aspects - in your risk analysis.
- Put your information security officer (ISO) in a reporting relationship with the necessary authority to carry out the security mission. For example, have the ISO report to both your CIO and CEO.
- Document other security roles and their responsibilities, such as your information owners. Train personnel in these roles, and hold them accountable.