SECURITY & PRIVACY RISK ASSESSMENTS
Meditology Services provides security and privacy risk assessment services
specifically tailored to the unique needs of healthcare organizations.
Depending on the needs of your organization, Meditology can conduct security risk assessments using either the HITRUST Common Security Framework (CSF) or the NIST Cybersecurity Framework (NIST CsF). Both frameworks provide a comprehensive approach to both regulatory compliance and risk management.
Meditology conducts privacy risk assessments using the HIPAA Privacy Rule, OCR Audit Protocol, HITRUST privacy controls, NIST 800-53 privacy controls, and applicable state laws. Our pragmatic approach is based on what is considered “reasonable practice” required to satisfy privacy compliance requirements in a practical and cost-effective manner.
Meditology can also assist you in certifying your EHR systems if you participate in Meaningful Use and or MACRA.
Meditology risk assessments can support the needs of multiple audiences:
- Regulatory bodies such as HIPAA and OCR
- Executives and their boards
- Managers responsible for security and compliance
- Staff responsible for implementing remediation measures
Meditology has extensive experience conducting hundreds of information security and privacy risk assessments for healthcare organizations of all sizes. We have a proven track record for completing security risk assessments that meet regulators’ expectations, including OCR and CMS.
Meditology serves as OCR’s HIPAA expert witness firm and is intimately familiar with the OCR’s audit, investigation, and enforcement processes.
Each member of Meditology’s leadership has at least 15 to 20 years of directly relevant healthcare IT security and privacy consulting and operational experience.
Meditology’s team has relevant security certifications including CISSP, CEH, CISA, HCISPP, CIPP, OSCP, PCIP, CPHIMS, CPISM, GSEC, CCNA and HITRUST.
Our seasoned team is strengthened by leaders who have health system operational experience as well as industry security leadership. Our team includes consultants who have previously served as Chief Information Security Officers, Chief Privacy Officers, and IT Directors of large healthcare entities.
Meditology specializes in risk assessment and compliance for the healthcare industry. We understand the specific needs and constraints of healthcare organizations, and we are therefore able to develop solutions that are appropriate for each client’s size, complexity, and needs.
WHAT SETS MEDITOLOGY APART
- HIPAA expert witness firm for OCR
- Experienced CISOs and Privacy Officers
- Dedicated to healthcare
- Hundreds of clients coast to coast
- Advisors to ONC / HHS
- Benchmark comparisons to other healthcare organizations of similar size and complexity