Practical Security, Inc. Offers HIPAA Security
Support Services for Small and Medium Size
Health Care Organizations
offering provides HIPAA self-certification services
In response to growing demand for security expertise in health
care, Practical Security Inc. (PSI) today announced its
offering of a full line of HIPAA support services for
small and medium size health care organizations. The new
services are designed to assist health care organizations
with self-certification for published security criteria
under the Health Insurance Portability and Accountability
Act of 1996 (HIPAA).
HIPAA standards are intended to establish the requirements
for security and privacy of individuals' medical information;
the deadline for compliance under HIPAA is a firm date
of April 14, 2003. The government strongly recommends
"self-certification" because it has not established
a standards body to certify covered entities in compliance
with HIPAA security requirements. PSI's offering is intended
to meet the needs of small-to-mid-sized healthcare companies,
a segment of the market that is often overlooked by large
IT consulting firms.
The following elements comprise the new offering:
- HIPAA Security Audit.
This security audit includes a HIPAA gap analysis
and Business Impact Analysis (BIA) based on the security
provisions of section 142.308 of HIPAA requiring administrative,
physical, and technical control measures to protect
confidentiality (security), integrity, and availability
of protected health information (PHI).
- HIPAA Self-Certification Checkup.
PSI returns periodically to reassess security controls
and processes. This meets the expectation of due diligence
recommended in the published HIPAA guidance documents.
- Third Party Review.
Objectivity is crucial to the validity of the self-certification.
The Department of Health and Human Services (HHS)
has strongly recommended outside review of compliance
in self-certification. Practical Security, Inc. acts
as an external party with adequate training regarding
generally accepted security guidelines and principles.
PSI recently completed a HIPAA security assessment
for Strategic Healthcare Programs LLC (SHP), a Santa
Barbara, Calif.-based service company that provides
statistical analysis of healthcare data to help its
clients develop planning measures.
Barbara Rosenblum, CEO of SHP, said, "SHP is a technology
company, but I felt it was critical for SHP to obtain
third party review of our security practices and infrastructure.
PSI gave us the confidence that we are on-track with regard
to the security requirements mandated by HIPAA. I strongly
recommend the services of PSI to managers of covered entities
and business associate organizations."
Paul E. Proctor, president of Practical Security, said,
"Smaller health care organizations have been left
behind as the compliance deadlines approach. Recent surveys
show that smaller organizations have done the least in
preparing for HIPAA compliance. We hope these affordably-priced
services will help close the readiness gap."
These services are available now. For more information
Practical Security Inc.
Founded in 2002, Practical Security Inc. (PSI) is
an information security services company dedicated to
helping organizations of all sizes secure their mission
critical information technology assets. Practical Security
provides a practical and educational advantage to companies
seeking ways to safeguard their information assets by
helping employees at all levels be better prepared to
detect, analyze and prevent IT security breaches. For
more information on PSI, visit www.practicalsecurity.com.
in December 2002, PSI Training is a separate business
unit spin-off of Practical Security Inc. that provides
information security training classes for business professionals
via a variety of electronic means. Classes on CD, audio/video
presentations and instructor-led Webcasts will be distributed
through strategic marketing partners and direct from
PSI Training, downloadable via the Web at practicalsecurity.com/training.html.
Beth Walsh, 858/724-2500