Learn what you need to know to become compliant. Not only does this help avoid penalties and legal action, but it’s good business. It protects your reputation and your patients and customers. THE MARBLEHEAD GROUP walks your organization through security and privacy regulations and explains what they really mean – whether HIPAA rules, FTC rules, or the credit card industry security requirements. We translate them into plain language and help you relate government and industry expectations to your own organization's practices. That way, you can clearly see the issues and the impact.

Get the foundation you need for successful and comprehensive privacy and security programs by learning the difference between them, the meaning of common terms, and discovering industry expectations and international privacy and security standards.


Risk Assessment





If you can't measure it, you can't manage it. Organizations need to see the whole picture of work to be done before plunging ahead and suffering tunnel vision. A solid plan lets you prioritize, schedule resources, and track progress to completion - with confidence that you'll make your deadlines.

So how do you get a plan like that? THE MARBLEHEAD GROUP performs privacy and security risk assessments and gap analyses for clients, forming the basis of the workplan. This will show you where your organization is deficient - both in terms of containment of threats and vulnerabilities to protected information, and in terms of compliance with regulatory requirements. Those deficiencies become the target of the tasks comprising your workplan.


Project Management

THE MARBLEHEAD GROUP helps organizations define new roles and responsibilities to prepare you to address new and expanded regulatory requirements and to carry out the project workplan. We will develop the project workplan or assist you in that effort. We provide project management expertise to keep everyone on track. We provide regulatory and healthcare expertise to clarify HIPAA, Red Flags, and other rules’ intent at a detailed level. And we use our extensive background in this niche to help you identify cost-effective, efficient, and compliant solutions.



THE MARBLEHEAD GROUP provides guidance to your staff, or directly performs tasks on your workplan if you choose. We do this in such areas as development of policies, forms, procedures, technical standards, and security RFPs if you are considering new systems. Our services can also include preparing your workforce education strategies and content, and providing training.


Compliance Evaluation
Many regulations – including HIPAA and the FTC’s Red Flags rule – require periodic evaluations or compliance audits of your privacy and security controls. This is not just necessary for regulatory compliance, but it is also good business practice to ensure your investments in security and privacy are fruitful. A compliance audit is an opportunity to formally evaluate the effectiveness of your processes. THE MARBLEHEAD GROUP examines your current security and privacy posture and compares it to your policies and standards, as well as to regulatory requirements and best practices. We bring an objective and expert perspective to confirm your program's strengths. And we identify weaknesses and their solutions so your organization can address them before they lead to problems.


© 2009 The Marblehead Group • 1 Martin Terrace • Marblehead, MA • 01945 • Tel: 781/639-0532