How CoreRecon Can Help

As the foremost expert in HIPAA IT security and compliance, CoreRecon understands that “one size does not fit all” when it comes to business associates and their subcontractors. To determine the appropriate scope of work, we focus on 6 key variables – the quantity of PHI handled by your organization, how it is received and transmitted, the manner in which it is used, where it is stored, who has access to it, and how it is destroyed. We then tailor our assessment to meet your specific needs. Large business associates may warrant a full HIPAA Security Risk Analysis, similar to those conducted for hospitals. Small BAs may house PHI on a single server with one user and just need to make sure it can’t be hacked from outside. Still others may use PHI in a web application with dozens of users, roles, and processes, each of which could be vulnerable to attack. CoreRecon’s breadth of security services enables us to address the diverse needs of these wide-ranging businesses. These include: internal and external penetration testing, web application assessments, mobile device security (including BYOD), and social engineering.
- Meets HITECH, HIPAA Omnibus, and HIPAA Security Rule requirements
- Tailors assessment to each BA's size, need, risk level, and budget
- Lowers risk of PHI data breach and possible civil monetary penalties
- Delivers risk-rated findings that help prioritize budget and resource allocation
- Provides actionable, risk-rated recommendations for remediation
- Fulfills contractual obligations to covered entity partners
- Increases security awareness throughout the organization