Compliance Services - Health IT

Procedure Authoring

In order to achieve end-to-end security for hosted systems, the delineation of responsibilities between the outsource provider and the customer is critical.  Our HIPAA compliant data center has a fully implemented Information Assurance program including policies, procedures etc. however it is recommended that procedures be developed on the customer side to assure data is protected at each step in the business process (e.g. administration and user activities). 

IT Quality Auditing

Typically the first step in IT auditing is a risk assessment.  The risk assessment identifies the risks that your outsourced IT services present to your business operations.  Once a risk assessment has been completed our team will partner with the customer to complete a comprehensive audit of key data center controls as they related to the identified risks.  The audit will provide assurance that pre-established control objectives in the areas of regulatory compliance, security, confidentiality, integrity, and availability are in place.  Additionally our IT Assurance team can work with an organization to identify and remediate risks at the customer site(s) to assure the integrity and security of health data before it is sent to our data center.

Software Testing

Full testing of your hosted cloud or server can be provided by our Information Assurance Team.  Our testing efforts will be risk-based assuring that the appropriate level of testing is completed.  Typical testing deliverables will include:

• Test Plan
• Test Protocol
• Requirements/ Specifications
• Risk Assessment
• Test Coverage Matrix
• Final Summary Report

Disaster Recovery Testing

Documented disaster recovery testing is a requirement by some regulatory bodies.  Periodic testing to demonstrate the disaster recovery process is still working as expected is recommended however the level of documentation will vary depending on the type of data being recovered.  Our Information Assurance Team will provide fully documented test results at agreed-upon intervals to satisfy our customers requirements.

Risk Assessments

Our Information Assurance Team can help you identify, govern and manage risks associated with outsourcing your regulated IT systems/ data.  Risk assessments play an important role in developing a SLA, meeting regulatory requirements and driving the appropriate level of control and testing on your outsourcing solution.  Our CISA certified staff will spend the necessary time to understand your business/ compliance needs and provide the technical details of our data center operations to mitigate risks down to an acceptable level of residual risk.  The final approved document is provided to our customers for inspection readiness.

Periodic Evaluations

Periodic evaluations are an important tool that helps businesses comfirm they are operating in a state of control.  Our staff will perform and document periodic evaluations of hosted systems for customers on periodic basis.  Change requests, help desk tickets, intrusion detection, and other operational statistics will be compiled into an easily readable report and provided to our customers.