Sunera provides information security, data privacy, internal audit and IT-related solutions to all sectors of the healthcare industry, including medical services providers (public/private hospitals, hospice, assisted living facilities, skilled nursing and long-term care, specialty care); insurance; pharmaceuticals; staffing; and device manufacturing and distribution. Our professionals have a unique mix of healthcare operations, risk & regulatory, and technology knowledge that enables us to deliver solutions to clients of any size and complexity.
Our service offerings are designed to meet the diverse needs of the healthcare industry and incorporate proven methodologies, adapted to specific healthcare sectors, to provide business and technology solutions that effectively manage risk.
HIPAA Security and Privacy Rule
With a growing reliance on information technology in the healthcare industry and the adoption of electronic medical records (EMR), it is crucial to ensure the safe handling of sensitive data. Additionally, the passage of the HITECH Act (part of the American Recovery and Reinvestment Act of 2009) has increased the criminal penalties associated with HIPAA, not only for covered entities but also for individual employees of covered entities and business associates. This renewed focus on HIPAA makes it even more important for healthcare organizations to ensure appropriate controls and safeguards have been implemented to prevent unauthorized access and disclosure of sensitive patient data.
Sunera can provide an evaluation of your organization’s posture with regard to the HIPAA Security and Privacy Rule. Beginning with a discovery phase, we gain an understanding of your business (through interviews, observation and documentation reviews) and ascertain the operational infrastructure and processes that are in scope for HIPAA. Using the information compiled in the discovery phase, we conduct a gap analysis, identifying the controls that are “Not in Place”, further classified by the “Required” or “Addressable” specifications as defined by the HIPAA Standard. Furthermore, we can provide a Compliance Roadmap to assist management with either remediating deficiencies or defining appropriate mitigating controls.
Breach Notification Assistance
Nearly half a million people have their medical identities stolen each year. On August 24, 2009, the Department of Health and Human Services (HHS) published regulations that imposed significant new breach notification obligations upon covered entities and business associates subject to HIPAA. These regulations require entities to provide notification to affected individuals, the media, and/or the Secretary of HHS following the detection or discovery of a breach of Unsecured Protected Health Information (unsecured PHI).
Sunera can provide assistance with the creation of incident response procedures and an operational workflow outlining the steps that should be taken immediately following a potential breach. This workflow will help guide your organization through the required steps to ensure compliance with state breach notification laws, the HITECH Act, and other privacy regulations that may be applicable.
Pre and Post System Implementation Audits
Nearing the end of an integration project and need to make sure you are in compliance with HIPAA and HITECH? Sunera can determine if your company is ready to “go-live” by performing a pre-integration review. We examine all components of the integration project to determine the entity’s readiness, including testing, reporting, data conversion, training, user documentation and control processes. This service helps organizations manage the risks of “go-live”.
Our post-implementation audits identify both the strengths and the opportunities for system optimization and improvement in internal controls and compliance with HIPAA & HITECH subsequent to “go-live”.
Policy and Procedure Development
Policies and procedures establish a baseline by which all work should be performed and help ensure that each task, from the most basic and routine to the most complicated and critical, is executed properly.
Sunera has helped many organizations develop, formalize and/or re-evaluate their policies and procedures to ensure they are meeting the needs of the organization as well as regulatory requirements such as HIPAA. Through observation and documentation, along with interviewing business process owners and management, we are able to formalize and optimize the organization’s policies and procedures. Furthermore, we are able to ensure they comply with the appropriate laws and regulations, avoid any segregation of duties conflicts, and help protect against security violations.
Information Security
Securing an organization’s data can be both costly and complicated, but an information security breach can be devastating not only to the company’s operations and reputation, but also to its customers and employees. Additionally, most sectors within the healthcare industry have the added responsibility of securing patient information.
We have tailored Sunera’s Information Security services to meet the very specific business, technology and compliance needs of the healthcare industry and to ensure the organization’s data is secure from inappropriate access or disclosure.
Our testing and assessment services include the following:
- Vulnerability & Wireless
- Penetration Testing & Web Application Security
- PCI Compliance & ASV Scanning
- Physical Security & Social Engineering




