partners
TOGETHER
About HIPAA Risk Assessments ... (Continued from page 21)
• Phase 1 - Scope It
The first phase involves scoping the
system to understand its boundaries,
criticality, and sensitivity in the following
areas:
• Software
• Hardware
• Mission
• Personnel
• Interfaces and integration
• System and data criticality
• System and data sensitivity
• Phase 2 - Gap Assessment
During this phase, systems are assessed to
uncover vulnerabilities in terms of:
• Security violations
• Industry standards (ISO, CIS, NIST)
• External intel
An analysis of the current controls is
also conducted to determine whether
they are complete according to practice,
formalized and repeatable, or nonexistent.
• Phase 3 - Risk Analysis
Once the vulnerabilities are identified,
the risk they pose to the organization is
analyzed based on the threat of the source
as well as its capability and motivation.
This analysis also involves assessing the
effectiveness of current controls and the
level of impact on operations, finances,
and the reputation of a company if the
threat occurs.
• Phase 4 - Control Recommendations
To ensure clients’ data is protected,
GreyCastle recommends controls to
mitigate risk. These recommendations
will be based on:
• Laws and regulations
• Organizational policy
• Impact on operations
• Feasibility
• Cost-benefit analysis
• Safety and reliability
Once all four phases of the risk assessment
are conducted, senior leadership will receive
a report on the findings and recommended
controls. The report will assist with decision
making on matters of budget and operations.
HIPAA Is About More than
Cybersecurity
Primarily, HIPAA rules are designed as
protective measures against increasing
cyber threats. However, HIPAA goes beyond
protecting information and into saving lives. If
your security is breached, service delivery will
be affected, thus putting patients’ lives at risk.
Are you looking for a cybersecurity company
with experience in healthcare and HIPAA?
GreyCastle Security helps organizations
achieve HIPAA compliance through risk
assessments and staff training. Reach out to
GreyCastle Security today to achieve HIPAA
compliance.
About GreyCastle Security
GreyCastle Security is a proud partner of
LeadingAge New York. GreyCastle Security
is a leading healthcare cybersecurity
readiness provider, with expertise in risk
mitigation, HIPAA compliance, certification,
and privacy. From budgetary restraints to
earning executive buy-in, we’ve seen it all
and understand not all cyber roadblocks are
created equal. That’s why our award-winning
solutions and project plan roadmap are
customized for your healthcare organization.
Headquartered in Troy, New York, our work
has been peer-recognized on a national
basis. We have earned clients’ trust as their
cybersecurity advisor in over 80% of states
across the United States while also routinely
supporting our clients in India, China, and
the EU.
GreyCastle Security is a subsidiary of
Assured Information Security (AIS). For
more information about who we are and
what we do, visit greycastlesecurity.com.
22 Adviser a publication of LeadingAge New York | Summer 2020