CliftonLarsonAllen (CLA) can assist you with an organizational security self-assessment or validate your evaluation of the security control environment within your health care organization.
What’s on your mind?
- Evaluating and validating the security of your organization
- Providing validation services so your organization can become certified
- Complying with regulations and standards related to
- Health care (HIPAA)
- Third party (Payment Card Industry [PCI], Control Objectives for Information and Related Technologies [COBIT])
- Government (National Institute of Standards and Technology [NIST], Federal Trade Commission [FTC])
- Shaping a comprehensive health care cybersecurity (IS) plan for the organization
Background
HITRUST has developed the HITRUST CSF that integrates the elements of IS controls from a variety of authoritative sources. Prescriptive controls provide the requirements for policy, procedure, implementation, monitoring, and management. Evaluating the effectiveness of these controls provides an opportunity for your organization to gauge the overall maturity of your security program.
Experience our client-focused approach
As part of the assessor program, CLA practitioners are certified to validate your organization’s program maturity in alignment with these prescriptive controls. By helping you with a self-assessment or validating your stated controls, we will provide the right amount of support. We can partner with you as you navigate through this seemingly treacherous minefield of security and compliance.
HITRUST services for health care providers
- Internal audit
- Provide support during the self-assessment
- Simplify compliance by utilizing one consistent approach of reporting compliance to internal and external stakeholders
- Validate the maturity of your organization’s security environment
- Perform a SOC2 attestation using the HITRUST CSF
- Perform technical testing, such as internal vulnerability assessments, wireless assessments, and penetration testing