PhoenixHealthSystems

Total Security Program Introduction

Healthcare enterprises that succeed in the future must comply with all federal and state regulations including Health Insurance Portability and Accountability Act (HIPAA) privacy and security. The confidentiality and protection of vital information assets through
implementation of effective security controls is critical. Healthcare organizations must understand where and when their organization’s electronic data may be at risk, and take the necessary steps to implement appropriate controls. A thorough risk assessment serves as the foundation for development of a security strategy to mitigate risk. The strategy is put into action through
specific initiatives that align security with business goals and implement security technology into business processes. The result is an integrated, cost-effective solution that addresses the pressing needs of today’s modern healthcare organization.

Assessment Services
Information The Information Security Assessment includes an evaluation of current security processes as compared with industry standards and as required by HIPAA regulation. A complete HIPAA security evaluation is conducted to identify the potential risks, threats and vulnerabilities to the confidentiality, integrity and availability of electronic Protected Health Information (ePHI). Network The Network Vulnerability Assessment includes an evaluation of your network assets and identification of potential risk areas and level of regulatory compliance. Facility The facility security assessment includes recommendations for remediation in four key components: Threat analysis and identification; Current state review; Vulnerability assessment; and Gap analysis and identification.	Disaster Recovery Disaster recovery planning includes an assessment of your ability to effectively maintain information systems operation during a disaster, and your capacity for recovery of operations following a disaster. Deliverables include recommendations for improvements and development of a recover strategy. Identity Theft The identity theft assessment assists organizations in reducing the risks associated with identity theft and compliance with the Fair and Accurate Reporting Act (FACTA). Phoenix conducts a current-state assessment and provides recommendations for development of a go-forward process.

Remediation Services
Risk Analysis and Planning Risk Analysis and Planning includes conducting a detailed assessment of risk utilizing Phoenix’s proprietary Risk Management Methodology for Healthcare Organizations (based on the NIST Security Risk Management Guide for IT Systems). Goals include identification and prioritization of risk mitigation activities and the creation of a formal Security Implementation Plan. Training Security, privacy, facility, disaster recovery and identity theft training is customized to meet your specific needs and can be delivered in a formal instructor-led classroom setting or via video training, or web conferencing.	Staff Augmentation Phoenix can provide an interim Information Security Officer or other security management staff for organizations experiencing unexpected turnover or needing a quick solution to maintain stability and continuity during transition. Phoenix offers only skilled individuals with direct and successful security management experience. Policy and Procedure Development Phoenix can deliver a robust set of security and privacy policies and procedural documentation that are customized from our industry-standard templates or created to meet your specific needs.

Monitoring Services
Security monitoring services include providing periodic evaluations, testing, or ongoing monitoring of security activities and practices. This allows your organization to improve security controls while, at the same time, validating that these controls continue to operate as intended.	call 1.214.261.0660 for more information 1130 East Arapaho Rd, Suite 500 • Richardson, TX 75081 info@phoenixhealth.com