IT Assessment

Health information technology assessment

circuit-board

Click here to download our HIPAA requirements overview!

The Administrative Safeguards provisions in the Security Rule require covered entities to perform risk analysis as part of their security management processes.

A risk analysis process includes, but is not limited to, the following activities:

Evaluate the likelihood and impact of potential risks to e-PHI;
Implement appropriate security measures to address the risks identified in the risk analysis;
Document the chosen security measures and, where required, the rationale for adopting those measures; and
Maintain continuous, reasonable, and appropriate security protections.

Risk analysis should be an ongoing process, in which a covered entity regularly reviews its records to track access to e-PHI and detect security incidents, periodically evaluates the effectiveness of security measures put in place, and regularly reevaluates potential risks to e-PHI.

HITECH – Meaningful use

IDTSOA offers a comprehensive and competitively priced computer based risk analysis (CBRA) that meets the required standards for meaningful use.

Controls Based Risk Assessment-

The Controls Based Risk Assessment is used to provide insight into the types of controls in relation to the classification level of information present on each information asset of the organization.

Objectives:

A clear description of each information asset
Classification of information on that asset
Initial risk of the asset
Description of controls and types of controls
Covering the asset
Residual risk after mitigation
Prioritized suggestions for improvement

External Vulnerability Assessment-

The External Vulnerability Assessment is designed to not only test available ports and services for known vulnerabilities, but also checks various Internet resources for information that would be harmful or present an exposure to the organization.

Objectives:

Identification of detected external vulnerabilities
Documentation of ports and services available to “anonymous” sources
Documentation of external information from various resources that may present concern to the organization
Prioritized suggestions for improvement and mitigation

Internal Vulnerability Assessment-

The Internal Vulnerability Assessment is designed to test available ports and services for known vulnerabilities, as well as various configurations, patch levels and architecture that may be detrimental to the security stance of the organization.

Objectives:

Identification of detected vulnerabilities
A prioritized list of mitigation steps
Documentation of ports and services evaluated
Documentation of detected configuration issues
An executive level overview report
A technical level report

To get a price estimate or if you have additional questions about the CBRA, please call a representative at (800)735-4850.

IDTSOA BLOG

Do YOU feel safe?

April 02, 2014 | Kevin Putnam

Is it just me or has everyone else also given in to the fact that no matter how much we work to protect ... Continue Reading »

Another satisfied client!

October 15, 2013 | Kevin Putnam

We are so pleased to be able to continually provide our prevention programs to so many organizations looking for a comprehensive and effective ... Continue Reading »

Explore IDTSOA

Connect

Health information technology assessment

HITECH – Meaningful use

Controls Based Risk Assessment-

External Vulnerability Assessment-

Internal Vulnerability Assessment-

Request more information

Recent Tweets

Inside the Industry

Do YOU feel safe?

Our Clients Say

IDTSOA BLOG

Do YOU feel safe?

Another satisfied client!

Explore IDTSOA