With a growing reliance on information technology in the Healthcare Industry and the adoption of electronic medical records (EMR), ensuring the safe handling of sensitive data is crucial. The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules define requirements for the appropriate use and safeguarding of protected health information (PHI). The Health Information Technology for Economic and Clinical Health (HITECH) Act provisions, which were enacted as part of the American Recovery and Reinvestment Act in February 2009, include updates to the HIPAA Standards and were enacted to strengthen the privacy and security of health information.


The HIPAA Security Rule’s requirements are organized into three categories: Administrative Safeguards, Physical Safeguards, and Technical Safeguards. Within these categories are 18 standards and 36 implementation specifications. Implementation specifications are further categorized into “Required” and “Addressable”. Required specifications are critical and must be implemented. Addressable specifications are considered scalable based on the individual needs and practices of an entity. The Security Rule’s focus is on the safeguarding of electronic Protected Health Information (e-PHI).

While the Security and Privacy Rules share the common goal of safeguarding Protected Health Information (PHI), the Privacy Rule applies to all media types, including paper, oral, and electronic. The Privacy Rule requires organizations to consider the confidentiality, integrity, and availability of PHI. Further, procedures need to be in place to address the use and disclosure of PHI, notice of privacy practices, and the minimum necessary approach to using PHI.

Securing an organization’s data can be both costly and complicated, but an information security breach can be devastating not only to the company’s operations and reputation, but also to its customers and employees. Additionally, most sectors within the Healthcare Industry have the added responsibility of securing patient information.

We have tailored Global Expert Solutions’ HIPAA Information Security services to meet the very specific business, technology and compliance needs of the Healthcare Industry and to ensure the organization’s PHI is secure from inappropriate access or disclosure.

Our testing and assessment services include the following:

  • Information Security Assessments
    • Vulnerability Assessment
    • Penetration Testing
    • Web Application Security Assessment
    • Wireless Security Assessment
    • Social Engineering
    • Physical Security Assessment
    • Secure Source Code Analysis
    • IT Risk Assessment
  • PCI Compliance Audit & ASV Scanning




Are you nearing the end of an integration project and need to make sure you are in compliance with HIPAA and HITECH? Global Expert Solutions can determine if your company is ready to “go-live” by performing a pre-integration review. We examine all components of the integration project to determine the entity’s readiness including testing, reporting, data conversion, training, user documentation, and control processes. This service helps organizations manage the risks of “go-live.”

Our post implementation audits identify both the strengths and the opportunities for system optimization and improvement in internal controls and compliance with HIPAA & HITECH subsequent to “go-live.”

Policies and procedures establish a baseline by which all work should be performed and help ensure that each task, from the most basic and routine to the most complicated and critical, is executed properly.

Global Expert Solutions will help organize, develop, formalize and/or re-evaluate your HIPAA/HITECH policies and procedures to ensure they are meeting the needs of the organization as well as regulatory requirements. Through observation and documentation, along with interviewing business process owners and management, we are able to formalize and optimize the organization’s policies and procedures. Furthermore, we are able to ensure they comply with the appropriate laws and regulations, avoid any separation of duties conflicts, and help protect against security violations.