Redspin offers additional HIPAA security assessment service for healthcare industry segment

Redspin, a leading provider of information security assessment services today announced an additional HIPAA security assessment service offering for the healthcare industry segment.  The service offering directly addresses requirements of the HIPAA security rule and HITECH act through a risk-based approach that identifies gaps and IT environment and HIPAA security rule requirements.

"Hospitals and IDNs are faced with a challenging task as they must maintain an effective security program to protect patient data, seek efficient mechanisms to meet the security and privacy requirements of the final meaningful use rule and remain consistently compliant with HIPAA regulations," said John Abraham, Chief Executive Officer of Redspin. "The HIPAA security assessment service offers healthcare providers significant advantages in two critical areas - reducing liability and providing the security foundation to enable business efficiency as organizations seek higher patient throughput, increased quality of care, lower administrative costs, and faster revenue collection."

As of July 22, the official federal list of major healthcare information security breaches included 119 incidents affecting almost 5 million Americans. Redspin's HIPAA security assessment service helps healthcare providers answer fundamental questions regarding their information security, privacy and compliance programs including the following areas:

• Are we in compliance with the HIPAA Security Rule?
• Do we have a high risk of data breach of ePHI?
• Can a cyber criminal access our internal data/systems from the Internet?
• Are sufficient controls in place to prevent insider or business associate data theft?
• Where should we focus our resources to protect ourselves from a data breach?
• Is the equipment we've purchased being used effectively?

The assessment service provides a comprehensive review of a healthcare provider's infrastructure, security processes, policies and procedures.  The primary deliverable is a gap analysis to the standards defined in the security rule of the administrative provisions set forth in title II of the HIPAA regulatory requirements.  The service also includes benchmarks to compare with information security program effectiveness with others in the industry as well as recommended actions to meet meaningful use goals and measures as outlined in the final rule.