Assessment

Privacy Horizon Inc. (PHI) provides a comprehensive suite of assessment tools to enable you to manage privacy and security risk.

Privacy and Security GAP Assessments

GAP assessments are increasingly used by hospitals, insurance companies, government agencies, regional health authorities and other organizations to evaluate vendors before purchasing their products and services. A GAP assessment maps a company’s privacy and security controls to recognized control frameworks such as the CSA Model Code for the Protection of Personal Information, the Generally Accepted Privacy Principles (GAPP), ISO 27002 (Code of practice for information security controls), or the HIPAA Privacy and Security Rules. Privacy Horizon’s GAP Assessment tools help your company identify gaps and establish mitigation plans that address the concerns of major customers.

Privacy and Security Maturity Model (PSMM)

Where is your company on the privacy and security journey? Based on the Capability Maturity Model (CMM), the PSMM assesses the current state of your privacy and security programs and the privacy and security features built into your products and services. The PSMM allows you to set measurable goals and monitor progress, resulting in continuous improvement of your products and services.

Privacy Impact Assessment (PIA)

The PIA is the primary tool used to assess and manage privacy risk in a new system, product or service. It provides the evidence needed to demonstrate to customers and regulators that privacy issues have been addressed. Privacy Horizon’s PIA methodology is tailored to the needs of the healthcare environment. It is based on international standards and best practices for privacy impact assessment. A typical PIA will include:

  • Executive summary
  • Description of the Organization and its business model
  • Description of the product or service
  • Legislative analysis for each jurisdiction in which the organization conducts business
  • Analysis of organizational privacy controls
  • Analysis of solution privacy controls, including technical architecture, security and privacy features, data inventory and data flows
  • Risk assessment
  • Conclusions and recommendations

Threat and Risk Assessment (TRA)

The TRA is the primary tool used to assess and manage security risk in a new system, product or service. It provides the evidence needed to demonstrate to customers and regulators that security issues have been addressed. Privacy Horizon’s TRA methodology is tailored to the needs of the healthcare environment. It is based on international standards and best practices for threat and risk assessment. A typical TRA will include:

  • Executive summary
  • Detailed system description
    • Solution security controls
    • Organizational security controls
  • Asset identification and valuation
  • Threat assessment
  • Vulnerability assessment
  • Risk assessment
  • Conclusions and recommendations

Privacy and Security Assurance Management System

Health care organizations, government agencies and health IT vendors are challenged to ensure the privacy and security of personal health information when connecting many business partners and suppliers to their health information infrastructures. They often rely on text-based surveys to capture hundreds of data points for each of hundreds or thousands of organizations, which makes tracking threats, vulnerabilities and risks difficult or impossible.

Privacy Horizon has developed a comprehensive GRC (Governance, Risk and Compliance) tool that enables organizations to perform appropriate due diligence before granting business partners access to their systems. The Privacy and Security Assurance Management System can be tailored to each jurisdiction, ensuring compliance with applicable privacy legislation, security standards and best practices.

The Privacy and Security Assurance Management System includes:

  • An online questionnaire to be completed by business partners or suppliers addressing necessary privacy and security controls.
  • Identification of strengths and gaps in privacy and security controls.
  • Identification of mitigation plans to address identified gaps.
  • Attestation and acknowledgement by CEO or delegate.
  • Comprehensive reporting capability that includes:
    • Tracking which organizations have, or have not, completed the assessment.
    • Identification of common or systemic gaps.
    • Status of mitigation plans.
    • Tracking of privacy and security trends.

Security Testing

A continuous program of security testing is needed to ensure that personal health information and mission critical information systems are protected from new and emerging threats. Privacy Horizon can provide the following testing services:

  • Penetration testing
  • Web application security assessment
  • Web services security assessment
  • Mobile apps security assessment
