
GRC Specialists
How can Coalfire help with your healthcare governance, risk, and compliance program?

Healthcare GRC Services
Risk Analysis
Risk analysis is the foundation of any information security management program. Coalfire offers a variety of risk analysis services:
- Enterprise Risk Analysis
- Application Risk Analysis
- Facility Risk Analysis
- Supply Chain/Third Party Risk Analysis
CMS Compliance Audits
Third-party audits for entities operating in the Centers for Medicare & Medicaid Services (CMS) Affordable Care Act (ACA) healthcare marketplace. Enhanced Direct Enrollment (EDE) is a pathway for consumers to enroll in health insurance through the Federally Facilitated Exchange (FFE) via approved third-party entities, while Minimum Acceptable Risk Standards for Exchanges (MARS-E) is a framework of security and privacy controls for systems used in ACA administration, including health insurance exchanges.
Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE) is the new framework derived from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 5, “Security and Privacy Controls for Information Systems and Organizations.”
- ARC-AMPE for Administering Entities (formerly MARS-E)
- ARC-AMPE for Direct Enrollment Entities (formerly EDE)
- EDE Business Audit
- Exhibit 14
- Section 508 accessibility compliance
- Limited English Proficiency (LEP) compliance
Ancillary Services
- Business Impact Analysis (BIA)
- Policy and procedure development
- Desktop exercises (contingency, disaster recovery, incident response, etc.)
The Coalfire Difference
We partner with organizations to create successful GRC programs that leverage well-implemented technology to support organizational strategy. These programs are operated by people using processes consistent with organizational strategy.

- Governance: Our healthcare experts assist organizations in developing scalable and tailored governance, risk, and compliance (GRC) programs that align with their operational goals and objectives.
- Risk Management Security: Our team will collaborate with you to develop a process that supports appropriate confidentiality, integrity, and availability (CIA) levels within the organization's risk tolerance for cybersecurity risk.
- Compliance: We help organizations create sustainable programs to fulfill their compliance obligations, ensuring they address regulatory, contractual, or statutory requirements while managing business risk.
Enterprise integration
- Organization Strategy: Strategy is an outcome of governance that balances organizational objectives and reflects cybersecurity and business risk tolerance or risk thresholds.
- People, Process, and Technology: The governance outcome is organizational policies, procedures, and strategies that leverage organizational assets.
- Outcome: Coalfire partners with organizations to create successful GRC programs that leverage well-implemented technology to support organizational goals. These programs are operated by people using processes consistent with organizational strategy.
Program foundations
Coalfire assists organizations in adopting a comprehensive approach to risk-based decision-making. This includes implementing realistic, achievable compliance and risk programs that support organizational risk management goals and objectives.
Resources
White Paper
Why Adopting a Framework is Critical to a Robust Cybersecurity Program in Healthcare