MANAGED COMPLIANCE SERVICES

Meditology provides managed services to healthcare organizations for routine security and privacy compliance functions. This lets you outsource key security and privacy tasks, thereby lowering your costs and reducing the effort needed to hire staff.

Vendor Security Risk Management

You are responsible for assessing and safeguarding PHI stored by vendors wherever it is created, received, maintained, or transmitted.

Our Vendor Security Risk Management solution provides a comprehensive and cost-effective way to better understand how your vendors are protecting PHI.

Our end-to-end managed service solution combines industry standards (e.g., HITRUST, NIST, PCI, HIPAA, ISO, COBIT) with risk intelligence and input from the healthcare industry to help you effectively manage vendor risk.

Red Team & Penetration Testing

Routine penetration testing:

  • External
  • Internal
  • Wireless
  • Phishing & Social Engineering

Web application assessments

Vulnerability scanning and vulnerability identification

  • Technical testing
  • Active Directory assessment
  • Password analysis

Incident Response

Our incident response managed services help your organization maintain an up-to-date incident response plan that leverages leading practices from top healthcare organizations. We conduct routine tabletop exercises designed to engage your key stakeholders in understanding and adopting formal business continuity and incident response practices.

Incident response testing helps to limit the duration and impact of adverse security and availability incidents and improve the organization's resilience to inevitable security and IT events.

Incident response managed services include:

  • Incident response plan development.
  • Incident response testing and tabletop exercises.
  • Business Continuity and Disaster Recovery tabletop exercises.
  • Ransomware tabletop exercises and preparation.

Remediation & Risk Register Management

Managed security remediation includes the development of a corrective action plan and risk register. We can provide project management support to track the corrective actions and manage the risk register.

  • Corrective action plan development and tracking
  • Risk register management
  • Remediation project management
  • Subject matter expertise support

Managed Assessment Risk & Response Service (MARRS)

Traditional audit response requires security questionnaires to be funneled through already over-burdened corporate Information Security teams.

Meditology's Managed Assessment Risk & Response Service (MARRS) fills this gap with a controlled process for responding to security assessments as a part of Request for Proposals and Post-Sales processes.

Our MARRS service provides:

  • Streamlined security questionnaire responses
  • Effective and timely communication
  • Alignment with industry standards (NIST, HITRUST, SIG, ISO)
  • Ready access to supporting documentation
  • Quality assurance and reporting
  • Monitoring of changes in risk and security reputation
  • Standard profile response in 15 days or less
 

We chose Meditology mainly for their demonstrated knowledge and understanding of HIPAA, ARRA/HITECH and established security standards.

They were unfailingly professional throughout the information gathering and data gathering processes, kept to their timeline and verified the results that they found. The reports produced were accurate and easy to understand, with appropriate benchmarking to other health care organizations and the security industry as a whole. Most importantly, they provided concrete and achievable suggestions to help mitigate the risks identified.

Barbara Anson

CISO, Baptist Memorial Health Care Corporation of Memphis, TN