HIPAA Compliance Review

The scope of our HIPAA Compliance Review includes three key areas: Physical Safeguards which includes walk-through of the IT environment, Administrative Safeguards which includes review of existing policies and interviews with key personnel, and Technical Safeguards which includes internal and external security scanning.
Click here to pdf brochure.

The Quick Read

	Provide quick “snap-shot” of your current HIPAA Compliance
	You need help if you manage, process, transact or store patient identifiable information
	Organizations are accountable even if they use a 3rd party provider
	Click Here to download HIPAA Compliance Review (pdf)

Who Should Consider a Healthcare Information Portability, Accountability Act (HIPAA) Compliance Review?

	Organizations that interact with, manage, store or transmit Patient Identifiable Information (PII).
	Organization that want to understand their level of compliance with HIPAA Privacy Regulations and the HIPAA Security Rule.
	Organizations that have achieved compliance in the past should consider an annual review of your current compliance to ensure adherence to set policies and standards.

What is a HIPAA Compliance Review?

The scope of our HIPAA Compliance Review includes three key areas:

	Physical Safeguards which includes walk-through of the IT environment,		Administrative Safeguards which includes review of existing policies and interviews with key personnel,
	Technical Safeguards which includes internal and external security scanning.

Specifically, Arsenal Security consultants will examine 10 key areas:

	Security Policy		Communications and Operations Management
	Security Organization		Access Control
	Asset Classification and Control		System Development and Maintenance
	Personnel Security		Business Continuity Management
	Physical and Environmental Security		Compliance

What is the engagement process and what are the deliverables of a HIPAA Compliance Review?

After an initial call, the Arsenal Security Group Partner will prepare a statement of work within 2 days and we normally can begin an engagement within one week. During the engagement we will use interviews, questionnaires, physical tours and technical tools to conduct our assessment. We usually use 1-2 consultants in tandem with our Partner to complete an engagement. We will provide a bound executive summary, an on-site presentation, and a detailed report with all of our findings and detailed recommendations. Our engagement is not complete until all of our deliverables have been reviewed and accepted by the client.

About Arsenal Security Group
Arsenal Security Group is a small firm that is focused on close client coordination. From the initial meeting through the final presentation, one of Arsenal Security Group’s Senior Information Security Professionals will be the primary contact for the engagement. We conduct weekly calls with our client when engaged and meet with clients on a quarterly basis to review their security posture even when we are not actively engaged on assignment to ensure they are aware of new security risks or regulatory changes.