HIPAA Privacy and Security Rule Services

Secure health data throughout the care continuum

With the healthcare industry in a constant state of change and the threat landscape rapidly escalating, healthcare providers, life sciences organizations and their service providers must go beyond HIPAA compliance requirements. They need to implement advanced security technologies and sophisticated risk management practices to provide the level of data protection and risk reduction needed today.

Coalfire helps covered entities and business associates secure their environments and technologies to protect patient data throughout the care continuum.

Our compliance and risk assessment services are foundational to the regulatory requirements of the HIPAA Privacy, Security, and Breach Notification Rules. These services represent the basic level of compliance for organizations that create, receive, maintain, or transmit protected health information (PHI). Whether your data resides on wearables, patient intake forms, medical devices, or in the cloud, we provide a refined approach for data protection that satisfies industry regulations with deep-dive, technical capabilities to improve your security posture. We also help business associates deliver the highest level of data protection for their healthcare customers that gives them a competitive differentiator and increases revenue.

Our services include:

  • HIPAA FastTrack Toolkit – HIPAA compliance is heavily focused on policies and procedures related to how organizations safeguard PHI. To address this need, Coalfire offers a FastTrack Toolkit for organizations looking to jumpstart their HIPAA policies and procedures. Included are over 80 policies and step-by-step procedures, resulting in over 400 pages of detail – all fully customizable. The toolkit helps to expeditiously upgrade existing policies and procedures that align to all HIPAA Security and Breach Notification Rule requirements.

  • HIPAA Risk Assessment  – Risk assessments are a requirement of the HIPAA Security Rule and Meaningful Use attestation. They are often overlooked or performed unsatisfactorily as reported by the OCR during breach investigations. Coalfire’s risk assessment approach is anchored by the NIST 800-30 methodology and represents a comprehensive look at vulnerabilities posed by today’s cyber threats. This service also includes an analysis of an organization’s control posture to determine its level of residual risk. Coalfire’s HIPAA risk assessments have been reviewed by the OCR during many breach investigations.

  • HIPAA Security Rule Gap and Compliance Assessments  – Coalfire offers a gap assessment service that’s been meticulously designed to unveil areas of non-compliance and heightened risk. Organizations looking to satisfy an audit or investigation by the OCR will benefit from Coalfire’s compliance assessment. This assessment looks beyond the design of a control by including detailed testing to ensure satisfactory safeguards have been defined, implemented, and are operating effectively. Both assessments are linked to the requirements of the HIPAA Security and Breach Notification Rules, but are based on Coalfire’s custom-built approach that leverages the OCR Audit Protocol, industry frameworks (e.g., NIST 800-53), and personal experiences working with the OCR.

  • HIPAA Privacy Rule Assessment –Similar to services that address the HIPAA Security Rule, Coalfire offers assessments geared towards ensuring compliance with the HIPAA Privacy Rule. Coalfire assesses an organization’s compliance posture through the design, implementation, and effectiveness of controls. For areas where gaps or deficiencies are noted, we provide detailed recommendations to assist with remediation efforts.

  • Custom Training, Workshops, and Advisory – We understand that each organization faces unique challenges, so we have healthcare experts on hand to assist with all HIPAA-related needs.

Why Choose Coalfire for your HIPAA needs?

We work with covered entities and business associates that are serious about cybersecurity and want more than check-the-box compliance.

  • Coalfire has been a leading cyber risk management and compliance advisory firm for healthcare organizations since 2001. We assess hundreds of technology offerings in the care continuum – from medical devices and software to population health, revenue cycle management and telemedicine solutions. Our process provides a holistic view of security to achieve optimal, value-based patient outcomes.

  • Our experience working with the Department of Health and Human Services, Centers for Medicare and Medicaid Services (CMS), and the Office for Civil Rights allows us to apply best practices in regulated compliance to healthcare organizations.

  • We are one of the original HITRUST CSF assessor firms with over five years of experience and hundreds of HITRUST CSF assessments. This allows our practitioners to bring a more prescriptive approach to HIPAA engagements.

  • Coalfire’s assessors specialize in healthcare services, are HITRUST Certified Common Security Framework Practitioners (CCSFP), and maintain multiple security-related certifications.

  • CoalfireOne provides a robust, easy-to-use hub for accessing your Coalfire services and projects. The secure platform helps you manage the administrative, analytical and technical aspects of your projects, all in one place.

  • Coalfire continually educates the industry about healthcare cybersecurity through event presentations, webinars, case studies and white papers.

Industry Resources