CynergisTek will conduct a baseline security assessment on the organization focusing on all of the administrative, physical, and technical safeguards required by HIPAA. These reports will serve as the foundation for the ongoing management and maturity of the security program. CynergisTek will create prioritized remediation plans that will address the short-term critical vulnerabilities, including technical and programmatic/policy-related findings, and a transition plan for medium and long-term objectives and maintenance.
CynergisTek consultants are industry veterans who will provide the needed resources and experience that enable our clients to accelerate the implementation of their security programs. Throughout the process, CynergisTek will advise on the development and remediation of the programs by utilizing our extensive privacy and security expertise. The client has access to the entire CynergisTek staff, whether the request is deeply technical in nature or a higher-level program management discussion.
Advisory support is provided at all levels: executive, programmatic, and through direct peer-to-peer interaction between staff. This enables CynergisTek to augment the capabilities of the client organization and respond to whatever privacy or security matter may arise. Daily programmatic management is accomplished through a combination of communication channels — telephonic, interactive web portal, and email — making it possible for CynergisTek to respond rapidly to client requests for information or support.
CynergisTek will be involved in the ongoing remediation and maturation of the security program and will supervise any transition to appropriate staff within the organization.
Ongoing executive direction is provided through periodic executive reviews designed to ensure remediation and program building efforts remain on track. The appointed monitor within the client’s organization will also be included in these communications and have access to the portal for real-time updates on the progress of remediation and the program.
CynergisTek will also provide strategic planning support and assist clients in keeping current with emerging industry threat and regulatory trends. In addition to the standard elements of the CAPP, which include regular assessment, testing of technical controls and ongoing advisory support, the CAPP also provides a ready vehicle for on-call consulting, staffing, and engineering support.
CynergisTek’s employees have experience in working in and developing regulatory programs in both government and private sector positions. Each member of the CynergisTek staff holds relevant certifications in their area of focus, and with our unique relationship with OCR, we understand healthcare’s regulatory environment and will advise on appropriate measures to ensure compliance.
CynergisTek will monitor the technical controls and vulnerability management of the organization through quarterly technical testing. This consistent monitoring will allow us to effectively remediate any critical vulnerabilities and work with the client’s IT staff on proper patching and vulnerability management. Trending data will be provided, and our reports will not only show areas of improvement in the information security program but also highlight progress throughout the term of the engagement.
Today there are nearly a hundred healthcare entities actively engaged in the CAPP program. Each CAPP client has direct access to CynergisTek’s knowledge base and also to its peers. One of the biggest strengths of this program is the interaction, assistance, and information sharing fostered by CynergisTek among and between the CAPP membership. When someone has a question, we not only share our knowledge but also pull from the experiences of our CAPP clients and others. CISOs from one CAPP member often act as mentors and sounding boards for other CISOs in the program. The CAPP is not a one-plus-one, but a one-plus-many relationship.