The CyberGuard Advantage: Tailored to You
HIPAA/HITECH Privacy & Security
CyberGuard Advantage has assisted many clients in complying with the Health Insurance Portability and Accountability Act (HIPAA) and subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act. The HIPAA Privacy, Security, and Breach Notification Rules define a clear set of policies, procedures, and processes which must be in place for companies that store, process, or transmit electronic protected health information (ePHI). HIPAA applies to healthcare providers, health plans, healthcare clearinghouses, and to any service providers that manage ePHI on behalf of or in service to those entities. Additionally, service providers are increasingly being asked to sign Business Associate Agreements, which require compliance with HIPAA .
Project Scoping
Our team will work closely and collaboratively with your staff to determine which sections of HIPAA are applicable to your business operations. We interview key management and IT personnel to identify the controls which need to be in place to meet the HIPAA compliance requirement. Once the scope of the project has been determined, we begin the HIPAA Readiness Assessment.
HIPAA Readiness Assessment
A Readiness Assessment is a proactive approach to ensuring your HIPAA program will meet the necessary HIPAA requirements. Entities who are required to undergo HIPAA assessments often find the first year to be the most difficult. Not only must they comply with each of the audit requirements, but they also need to build out their documentation and processes to comply with the standard. This is where our team steps in. Once we have identified the scope of the project, we work side-by-side and collaboratively with your management team and IT personnel to perform walkthroughs to verify essential controls are in place and designed effectively. Once walkthroughs have been completed, we prepare a detailed gap analysis which includes specific recommendations to guide you in remediating identified gaps.
HIPAA Compliance Reporting
We will tailor the final report to suit the needs of its intended audience. If your agency, department, or bureau intends to use the report for internal purposes, we will collaborate with management to determine the best reporting format for your particular needs. If the primary purpose of the report is to present the findings to external parties, we will draft the report to comply with the standard reporting format.
HIPAA Compliance Testing
When your company is ready to undergo HIPAA compliance testing, our first step is to create a detailed document request list which includes a detailed listing of all documentation we will need to perform our test procedures. This detailed document request list is sent well in advance of onsite fieldwork, saving your team time and creating efficiencies in the process. Once onsite, we will walk through each control requirement. Since our team is very experienced in HIPAA compliance testing, we are able to minimize disruptions to your business operations while testing is being performed. Our testing procedures will include a mix of interviews, observations, and sampling. Once testing is complete, we will review the results with your management team and assist in drafting responses to any gaps identified during testing. We then compile the results into a draft report for management’s review.
Privacy Assessments
GDPR has paved the way for consumer data privacy and protection laws, requiring organizations to provide individuals with controls over their personally identifiable information (PII). Consumer data privacy protection laws such as GDPR and CCPA/CPRA have led the way to require that organizations provide individuals with control over their personally identifiable information (PII). Many other states are now following suit, making data privacy a top priority for companies who collect, store, process, and transmit PII. CyberGuard Advantage performs data privacy assessments to ensure that your organization not only meets the regulatory requirements but also assists you in gaining trust from your business partners and customers that their data is protected. Our team of privacy professionals will help you to provide clarity and transparency to how your privacy program, privacy statements, policies, and processes meet the compliance requirements for GDPR, CCPA/CPRA, and many emerging state privacy laws.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The Regulation went into effect on May 25, 2018 and establishes rules related to the protection of citizens with regard to the processing, storage, and transfer of personal data.
A few of the key privacy and data protection requirements of the GDPR include:
- Consent requirements from individuals when processing personal data
- Providing Anonymity when utilizing collected data in order to ensure privacy protection
- Providing data breach notifications
- Safely handling the transfer of data across borders
- Data Protection Officer (DPO) requirement to oversee and monitor GDPR compliance
All organizations marketing goods or services to EU residents, regardless of physical location, are subject to the regulation. Therefore, the impact of GDPR data protection requirements extend globally. Reach out to one of our service professionals today for a consultation so we can discuss your specific compliance requirements.
Key privacy and data protection requirements of the GDPR include:
- Consent Consent requirements from individuals when processing personal data
- Anonymity Providing Anonymity when utilizing collected data in order to ensure privacy protection
- Notifications Providing data breach notifications
- Secure Transfer Safely handling the transfer of data across borders
- Data Protection Officer Data Protection Officer (DPO) requirement to oversee and monitor GDPR compliance
All organizations marketing goods or services to EU residents, regardless of physical location, are subject to the regulation. Therefore, the impact of GDPR data protection requirements extend globally. Reach out to one of our service professionals today for a consultation so we can discuss your specific compliance requirements.
California Consumer Privacy Act (CCPA)
Powered by the increase in consumer data and security breaches as well as apprehensions over privacy, the State of California has passed the California Consumer Privacy Act (CCPA). The new rights given to California consumers are similar to the rights provided in the European Union’s General Data Protection Regulation (GDPR). The law went into effect on Jan. 1, 2020.
The law gives Californians the following rights:
- Know what personal information is being collected about them.
- Know whether their personal information is sold or disclosed and to whom.
- Say no to the sale of personal information.
- Access their personal information.
- Equal service and price, even if they exercise their privacy rights.
OnSite Audit and Reporting
Our service professionals estimate two to three days for an onsite visit, after which they will provide a thorough analysis of your firm's compliance status. Based on the potential gaps identified, our team will then formulate an action plan, which addresses key issues your company must take action on in order to achieve compliance within the new law.
Interested in learning more about our cybersecurity assessments?