Manage your Security and Privacy Program

Working Security and Privacy Program

A Security Program isn't just a firewall or anti-virus software. It’s not just having an I/T guru. A Security Program is a “comprehensive set of policies, processes, and technology” that enables an organization to reduce risk, manage day-to-day secure operations, and respond effectively when incidents occur.

In case after case, organizations suffering breaches are fined for not having a "Security and Privacy Program" in place before the breach occurred.

Protecting the privacy of your customers and securing intellectual property means managing the computing assets and data at the center of your business.

If you’re protecting a single office or twenty, the Working Security and Privacy Program helps you manage and maintain the information security of your organization.

You don’t need to be a security expert.

You don’t need to be a computer expert.

We guide you through the landscape of information security and learn about your business and your priorities to build an information security program tailored for you.

We take complex security standards, policies and technology and translate them into guidelines and reminders that enable you to manage risk, maintain policies, train employees, monitor security, and respond to incidents effectively.

Contact us today to learn more about how you can take control of your Security Program.

  • Risk Assessment in the Spotlight

Risk assessment for healthcare providers and business associates is again in the spotlight. The Department of Health and Human Services is gearing up for a new round of HIPAA audits. At this point they are surveying 1200 firms and will include business associates. The results of the survey will be hundreds of audits. Of continued interest in this round are risk assessments.

Why does risk assessment keep jumping to the front?   Any time we hear of a breach of personal information an investigation follows.   It's very rare that an organization has done nothing to secure data.   The problem is they've done the wrong things.

Risk Assessment is the missing first step in the process of establishing an effective Information Security program. It creates a prioritized roadmap for firms to address information security issues. In short, it tells an organization where to spend its time and money most effectively.

Too many organizations fall victim to product-based compliance schemes, thinking that purchasing specific software or hardware products will make them HIPAA compliant.

When risk assessment is cited as a shortfall, it's a good sign the organization was spending money on security, but wasn't making informed decisions.

The difference between demonstrating due diligence in securing information assets and not can sometimes be as simple as producing the results from an annual risk assessment.

"We understood that risk, but didn't mitigate it as well as we could," is very different than saying "We never thought about that risk and instead thought our anti-virus would protect us."

Resulting costs can include millions of dollars and significant patient attrition.
