
Helping to Secure Our Clients' Protected Health Information and Systems

As Meaningful Use and ICD-10 regulatory initiatives provide opportunities to implement and upgrade systems, the opportunity also exists to re-establish privacy and security practices and procedures. Crowe Horwath LLP's five-step process provides a comprehensive gap analysis and a remediation/implementation plan to help protect the privacy of patients.

Please review our list of professional services below:

  • Executive assessment
  • Readiness assessment
  • Project management (PMP)
  • Vendor selection (RPI and RFP)
  • Attestation assistance
  • Strategic road map
  • Testing
 
  • Risk assessment
  • HIPAA risk/gap analyses and remediation
  • Subject-matter expertise (SME)
  • Data warehousing
  • EMR optimization
  • Monitoring and support
  • Audit
 

Learn more about our services.

 

 

 

Security and Privacy Risk Analysis: Five Steps to a Practical Approach

 
| Step | Security Risk Analysis | Privacy Risk Analysis |
| --- | --- | --- |
| 1 | Conduct policy gap analysis. |
| 2 | Create software application inventory and risk rating. | Identify participants for privacy survey. |
| 3 | a) Conduct gap analysis among highest-risk applications. b) Conduct entity-level controls gap analysis. | Conduct privacy survey of selected departments. |
| 4 | Conduct survey-based gap analysis of remaining applications. | Update policy gap analysis with results of privacy survey. |
| 5 | Conduct hospital walk-through. |

Contact Us
Raj Chaudhary
312.899.7008

| Levels | Level 1 | Level 2 | Level 3 | Level 4 |
| --- | --- | --- | --- | --- |
| Merchants | Any merchant - regardless of acceptance channel - processing more than 6,000,000 Visa transactions per year. Any merchant that has suffered a hack or an attack that resulted in an account data compromise. Any merchant identified by any card association as Level 1. | 1 million - 6 million Visa or MasterCard transactions per year | 20,000 - 1 million Visa or MasterCard e-commerce transactions per year | Less than 20,000 Visa or MasterCard e-commerce transactions per year, and all other merchants processing up to 1 million Visa or MasterCard transactions per year |
| Service Providers | VisaNet processors or any service provider that stores, processes and/or transmits over 300,000 Visa transactions annually. All MasterCard Third Party Processors (TPPs) and Data Storage Entities (DSEs) with more than 300,000 total combined MasterCard and Maestro transactions annually. | Any service provider that stores, processes and/or transmits less than 300,000 Visa transactions annually. All DSEs with 300,000 or less total combined MasterCard and Maestro transactions annually. | n/a | n/a |