the brochure

Risk Assessment
Identify Threats & Vulnerabilities
Key Advantages
Over a decade of dedicated
service to healthcare entities
and hundreds of assessments
Third-party assessment allows
for thorough, unbiased review
of security and privacy
A knowledgeable staff with
industry certifications in
privacy, security and audit
disciplines, and, most
importantly, experience in
Ability to measure against
multiple frameworks including,
FISMA, FIPS, PCI and more
Meets risk analysis
requirements for Meaningful
Use and HIPAA Security Rule
Standards align with OCR’s
expectations, utilizing
firsthand experience during
audits and investigations
Approach is consistent with
OCR’s guidance, using NIST
Now Is The Time For Risk Assessment
A risk analysis must be conducted or reviewed annually to meet regulatory requirements
or anytime there is a change in the operating or technical environment. More importantly,
a Risk Assessment supports awareness and development of data security programs and
results in reduced interruptions due to outages or incidents and better enterprise
integrity by methodically addressing remediation. Conducting a risk analysis is necessary
for many reasons, including:
Improves risk management posture, reducing threat of breach or security incidents
Validates previous efforts and identifies potential threats and vulnerabilities
Verifies that the controls environment supports business strategy and goals
Ensures an accurate and complete risk analysis in the event of an OCR or CMS audit
or investigation
Demonstrates and maintains HIPAA, HITECH and Meaningful Use compliance
CynergisTek Standard Risk Assessment
External Security Assessment
Architecture Assessment
Internal Security Assessment
Information Security
Program Assessment
Meaningful Use EHR Technical
Controls Assessment
Wireless LAN Security Assessment
NIST Methodology-Based
Risk Analysis
“A CIO’s mission should be to protect patient privacy through the
continual improvement of security programs. Having CynergisTek
conduct an annual risk assessment supports my team as we work
towards this mission by identifying vulnerabilities, analyzing risk,
and revealing trends that might have gone unnoticed without
– Chuck Podesta, Chief Information Officer
Risk Assessment
Is Your Risk Assessment
Process Compliant?
HIPAA, Medicare/Medicaid certified systems, Meaningful Use and
FISMA all require a formal risk analysis. Despite these regulations,
OCR identified an improper or incomplete risk analysis as a
common finding in compliance audits. Now there is a greater focus
on risk management programs.
“Comprehensive enterprise risk analysis followed by ...
timely risk management practices is the cornerstone of any
good compliance program.”
– Jocelyn Samuels, Director of HHS, Office for Civil Rights
CynergisTek’s Risk Assessment process specifically addresses
regulatory requirements and helps organizations implement an
ongoing risk management program. Our strategic process includes
technical testing, a physical survey, a programmatic gap analysis
and policy review, and formal risk analysis using the NIST 800-30
Rev. 1 standard.
Throughout the process CynergisTek collaborates with your team to
build effective remediation plans. Deliverables can be used as
supporting documentation for audits or investigations.
CynergisTek can customize a Risk Assessment to meet your
organization’s specific needs, and it can be included with our
Compliance Assistant Partner Program or an ongoing compliance
management program. Popular add-ons include:
OCR Audit Readiness: Mocks an OCR random audit to prepare
for future audits and/or investigations
HIPAA Privacy Program Assessment: Provides an in-depth
review of privacy policies and procedures that measures
compliance with HIPAA
Phishing and Social Engineering: Provides training and
awareness for employees to help reduce security risks
Ongoing Technical Testing Programs
Learn more about our Risk Assessment at:
About CynergisTek
About CynergisTek
CynergisTek, Inc. " 11410 Jollyville Rd, Suite 2201, Austin TX 78759 # 512.402.8550
$ [email protected] % & @CynergisTek
Risk Assessment
CynergisTek is a top-ranked information privacy and security consulting firm. The company offers solutions to help organizations
measure privacy and security programs against regulatory requirements and assists in developing risk management best
practices. Since 2003 the company has served as a partner to hundreds in the healthcare industry. CynergisTek is also dedicated
to supporting and educating the industry by contributing to relevant associations such as HIMSS, AHIMA, HFMA, HCCA, AHIA,
AHLA, IAPP and CHIME. CynergisTek was recognized by KLAS®, as one of three firms provider organizations turn to most for
privacy and security assistance in its groundbreaking report released in May 2014, entitled “Security and Privacy Perception 2014:
High Stakes, Big Challenges.”