
Healthcare GRC Specialists
How can Coalfire help with your healthcare governance, risk, and compliance program?

The Coalfire Difference
We partner with organizations to create successful GRC programs that leverage well-implemented technology to support organizational strategy. These programs are operated by people using processes consistent with organizational strategy.

- Governance: Our healthcare experts assist organizations in developing scalable and tailored governance, risk, and compliance (GRC) programs that align with their operational goals and objectives.
- Risk Management Security: Our team collaborates with you to develop a process that supports appropriate confidentiality, integrity, and availability (CIA) levels within the organization's tolerance for cybersecurity risk.
- Compliance: We help organizations create sustainable programs to fulfill their compliance obligations, ensuring they address regulatory, contractual, or statutory requirements while managing business risk.
Enterprise integration
- Organization Strategy: Strategy is an outcome of governance that balances organizational objectives and reflects cybersecurity and business risk tolerance or risk thresholds.
- People, Process, and Technology: The governance outcome is organizational policies, procedures, and strategies that leverage organizational assets.
- Outcome: Coalfire partners with organizations to create successful GRC programs that leverage well-implemented technology to support organizational goals. These programs are operated by people using processes consistent with organizational strategy.


Program foundations
Coalfire assists organizations in adopting a comprehensive approach to risk-based decision-making. This includes implementing realistic, achievable compliance and risk programs that support organizational risk management goals and objectives.
Healthcare GRC Services
Risk Analysis
Risk analysis is the foundation of any information security management program; Coalfire offers a variety of risk analysis services:
- Enterprise Risk Analysis
- Application Risk Analysis
- Facility Risk Analysis
- Supply Chain/Third Party Risk Analysis
CMS Compliance Audits
Third-party audits for entities operating in the Centers for Medicare & Medicaid Services (CMS) Affordable Care Act (ACA) healthcare marketplace. Enhanced Direct Enrollment (EDE) is a pathway for consumers to enroll in health insurance through the Federally Facilitated Exchange (FFE) via approved third-party entities, while Minimum Acceptable Risk Standards for Exchanges (MARS-E) is a framework of security and privacy controls for systems used in ACA administration, including health insurance exchanges.
Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE) is the new framework derived from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 5, “Security and Privacy Controls for Information Systems and Organizations.”
- ARC-AMPE for Administering Entities (formerly MARS-E)
- ARC-AMPE for Direct Enrollment Entities (formerly EDE)
- EDE Business Audit
- Exhibit 14
- Section 508 accessibility compliance
- Limited English Proficiency (LEP) compliance
Ancillary Services
- Business Impact Analysis (BIA)
- Policy and procedure development
- Desktop exercises (contingency, disaster recovery, incident response, etc.)
Resources
White Paper: Why Adopting a Framework is Critical to a Robust Cybersecurity Program in Healthcare

