GSG Compliance will be there with you step-by-step

1. Security Risk Assessment

Our team of healthcare information technology experts will use the HITRUST Common Security Framework (CSF) and the CSF Assurance Program, the most broadly adopted information security control framework within the healthcare industry, to design your Security Risk Assessment.
By leveraging this approach, GSG is able to streamline the risk assessment process by focusing on data‐backed, known high-risk areas and on those controls defined to be “reasonable and appropriate” for Covered Entity and/or Business Associate (B.A.) environments.
GSG will assist you in completing the assessment. This may include working with your current IT Provider, your EHR Vendor, and any other business partners that may have access to protected health information ("PHI") or have an influence on your security and privacy.

2. Information Security Policies
Our team will also work with you to develop a series of information security policies for the processing, storage, and handling of Protected Health Information (“PHI”) for a Covered Entity and its satellite offices (if applicable), and a Business Associate.

3. Remediation Plans
The remediation document maps back to the Risk Assessment findings and provides best-practice guidance to remediate the identified weaknesses. We refer to this document as a "living document", meaning it will require continued and consistent follow-up by the Covered Entity or Business Associate.