The Business Challenge
Securing qualified, experienced security expertise amid the rising demand for cybersecurity professionals is a challenge for a healthcare organization. According to the report "Job Market Intelligence: Cybersecurity Jobs, 2015" by Burning Glass, a Boston-based job market analytics provider, information security positions requiring healthcare compliance and standards knowledge have increased by 248% and risk management by 209% in the last five years. According to Forbes, there were one million cybersecurity job openings in 2016.
The 2017 Global Information Security Workforce Study (GISWS) states that a serious talent shortage looms in the information security (IS) workforce. A projected 1.8 million IS workforce gap is estimated to exist by 2022. This is an increase of 20 percent from the 1.5 million worker shortfall forecast by the 2015 GISWS. Positions requiring healthcare information security compliance and standards knowledge have increased significantly.
Because cybersecurity jobs require years of training and relevant experience, skills gaps cannot easily be resolved through short-term solutions. And there is a high demand for healthcare data security and cybersecurity talent that holds Certified Information Systems Security Professional (CISSP) credentials. In the U.S. there are three or more job postings for every professional who holds a CISSP certification.
Information security and privacy make good business sense. According to a recent study by Accenture, supported by a Ponemon Institute survey, healthcare organizations could potentially lose $305 billion in patient revenue over the next five years due to the impact of cybersecurity attacks, and the loss of consumer confidence.
Add to the mix a healthy dose of anxiety. Proof that your business associates meet all 24 HIPAA Security Rule standards, the 48 required implementation specifications, vulnerabilities of medical device cybersecurity and biomed equipment, BYOD, the Internet of Things (IoT), digital payment transactions, data at rest, and considerations of PHI in real-time transit are all serious concerns.
The tw-Security Solution
tw-Security offers health information technology services provided by qualified, experienced, certified healthcare information security professionals to develop, monitor, and maintain your HIPAA and IT security program. We provide a straightforward, practical, efficient, and reasonable approach to data security that protects your information assets and information systems. Our risk management, information systems, and cybersecurity services are grounded in the guiding principles that information security is the cornerstone of maintaining the public trust, is primarily a business issue, not just a technology issue, is risk-based and cost-effective, and is aligned with your priorities, industry-prudent practices, and government requirements.
Customized to accommodate diverse organizations, from a large academic medical center to a start-up business associate, the flexible offering includes a Virtual Information Security Officer (VISO) and disciplined continual or recurring support aimed at maintaining or advancing the security program. This service provides ongoing documented efforts supporting your 'Book of Evidence.'
We quickly assess your current capabilities and resources, and assist in the development of a reasonable IT budget to meet required compliance activities, and plan for ongoing management activities and projects. We monitor those services that are required to maintain compliance and identify the 'nice to' projects. If desired, we provide hands-on support working behind the scenes on remediation tasks as an extension of your workforce.
We also offer On Demand support intended to address one-time support issues or to help as needed, including emergency virtual security support from certified security professionals.
Information Security Risk Management
In order to maintain a compliant information security program, there are some basic, ongoing activities that must be performed. Serving as a consultant, we follow your direction to improve and maintain your information security program. The purpose of tw-Security’s VISO – Information security program support services is to provide:
- Guidance to keep your information security program moving forward
- Aid for ongoing HITECH and HIPAA compliance efforts
- Risk remediation/risk management assistance to help manage risk to an acceptable level
- Assistance with the development and monitoring of a cybersecurity plan
- Support for incident response
- Accountability to the corporate compliance committee and executive management
- Documentation of ongoing information security efforts
- Knowledge to stay abreast of healthcare information security changes that impact your security program
- Cost-effective, responsive access to experienced, certified professionals when needed

We use the HIPAA Audit Program Protocol to monitor the state of the IT security program, and the PCI DSS as a "progress report." We develop prioritized action plans to address gaps and mitigate risk. Our risk analysis approach is based upon the guidance from the National Institute of Standards and Technology (NIST), and documents created by the HHS and/or the CMS.
tw-Security's Value Proposition
- Nationally recognized healthcare security and cybersecurity firm providing services since 2003
- Served more than 150 customers representing a diverse healthcare industry
- Real-life healthcare information technology security experience (former Corporate Information Security Officers for large healthcare systems)
- Certified consultants average more than 25 years of combined information security and management experience
- Hands-on experience creating risk profiles of hundreds of applications
- Cohesive methodologies and tools focused on efficiency and measurable results
- All of tw-Security's customers that have undergone a Meaningful Use audit have passed the core measure for risk analysis
- Engagements combine offsite work services supplemented with onsite visits (if needed)
- Frequent contributor to industry thought leadership
- Long-term customer relationships built on trust, respect, and the delivery of services with concern for budget limitations