Keeping Information Safe
Our risk assessments are readable, comprehendible and actionable; and we provide the latest solutions for secure wireless migration, disaster recovery planning, and vulnerability protection.
Health IT Security
PHA’s Health IT Security specialists consult, educate, train and guide IT practices and hospitals throughout the Midwest. Our rates are affordable and our reputation is impeccable.
Last year alone, we were on-site at more than 600 healthcare facilities, providing assessments, testing, audits, project management, training and other services.
Our core team of security professionals comes with a wide range of educational and technology backgrounds as well as industry certifications from (ISC)²; the SANS Institute; and the Information Systems Audit and Control Association (ISACA).
Click here for larger view.
Security Risk Assessments — In preparation for both HIPAA and Meaningful Use audits, we work onsite, interviewing key staff, conducting physical walk-throughs of facilities, and performing the reviews, scans, and assessments necessary to create a realistic security and privacy remediation plan. Our assessment includes:
- Documentation Review
- Administrative Controls Review
- Network Architecture Review
- Vulnerability Analysis
- Physical Walk-through
- Configuration Review
- Audit Testing
To inquire about having PHA perform your next SRA, please fill out this short questionnaire.
External Vulnerability Assessments (EVA) — To identify vulnerabilities within your Internetfacing infrastructure and attached network systems. We can manage for risk environment or provide one-time testing. Our remote EVAs include:
- an external scan of IP addresses;
- a meta-data analysis of your domain; and
- a DNS / Whois record review.
Technology Assessments — An onsite assessment of your organization’s hardware, software and network, checking network speed and evaluating laptops/ desktops. Post-assessment recommendations on upgrades are aimed at saving you time and money.
Payment Card Industry Data Security Standard (PCI-DDS) Assessments — This is basically HIPAA for charge cards. If you accept credit cards from a major card brand such as Visa, MasterCard, Discover, and American Express, you are required to be compliant of their data security standard. For most organizations, this means completing an annual self-assessment and attestation, which is a technical and arduous task that we can help make easier.
Phishing Testing — We help clients take a proactive approach to see how many of their employees are susceptible to being victimized by a phishing attack in safe and controlled exercise.
Penetration Testing — How vulnerable is your IT infrastructure to exploitation by external adversaries? A penetration test actively tests your security defenses and network configurations to find holes before the bad guys do.
Password Audits — Passw0rd! will meet most basic password requirements, but can be cracked in seconds. Passwords are our first line of defense in protecting data and IT assets, and password audits provide evidence that employees are adhering to password-creation best practices.
PHA will advise you, then equip your team with the tools to facilitate in-house solutions.
- Encryption Strategies
- Secure Wireless Migration
- Disaster Recovery Planning
- Vulnerability Analysis Implementation
PHA provides training for both the IT and non-IT professional (ex: Mobile Technology: Do's and Don'ts for Today's Health Professional; and HIPAA Omnibus: What it means for you) We'd also be honored to speak at your next conference.
Working with Purdue Healthcare Advisors helped to validate what Rush Memorial Hospital has done for years as a leader in rural healthcare informatics...mitigate network security risk.
— Jim Boyer, CIO/VP Technology, Rush Memorial Hospital
We annually review our policies and practices as they relate to compliance with the HIPAA Security Rule to maintain a robust and solid security foundation. Using a third party to perform a risk assessment is an optimal business practice, because an independent security consultant has a fresh set of eyes to better evaluate the risks and vulnerabilities to the confidentiality, integrity or availability of electronic protected health information.
— Bob Havens, Technical Specialist, Hancock Regional Hospital
Purdue receives additional funding to provide support for small practices in CMS Quality Payment Program
Why two-factor authentication should be your organization’s New Year resolution
Purdue Regenstrief Center for Healthcare Engineering announces new director
Happy 20th Birthday HIPAA!
ePHI breach trends should focus security preparedness