HIPAA / HITRUST
Security, Privacy and Breach Notification Rules
Covered entities and business associates face a challenging compliance issues with respect to complying with HIPAA and HITECH. Security, privacy, and breach notification rules require specific practices to secure protected health information. The HITRUST Common Security Framework (CSF) was developed with HIPAA in mind. HITRUST is now a widely adopted security framework in the healthcare industry. We help companies navigate compliance through the following:
-
Readiness Assessment
We perform an assessment to identify the applicable HIPAA / HITECH regulations, relevant systems and process deficiencies mapping their practices against proven controls and safeguards. The result of this effort will be a detailed roadmap to achieve compliance.
-
HIPAA Attestation
We conduct an independent attestation of your compliance with the privacy, security and breach notification rules.
-
HITRUST Gap Analysis
HITRUST is a widely recognized security framework in the health care world, used to help companies implement controls to meet HIPAA requirements. We help companies get ready to meet the HITRUST Common Security Framework by reviewing your current practices against the HITRUST framework.
-
HITRUST SOC2+ Assessments
We can add HITRUST to your current SOC2 assessment. We will map your existing controls to the HITRUST Common Security Framework, and test and report on them as part of your regular SOC2 assessment. It’s an easy way to show your customers what you’re doing to meet HITRUST requirements.
Jenny Shen
Senior Manager
Jenny joined Cadence in 2015 and leads the HITRUST and HIPAA compliance practice. She is a CISA and CISSP with a special focus on providing HIPAA, HITRUST, and SOC readiness and assessment services to various SaaS companies across multiple industries.
jenny@thecadencegroup.com