Redspin announces new service for healthcare security compliance requirements

Jan. 21, 2014
Service combines a HIPAA security risk analysis and PCI DSS 3.0 gap analysis into a single scope of work.

CARPINTERIA, Calif. -- Jan. 21, 2014 -- Redspin, Inc., a leading provider of penetration testing and IT security assessments, announced today a new service that helps healthcare providers jointly address important HIPAA and PCI DSS security compliance requirements in a more efficient manner.

The new Redspin service combines a HIPAA Security Risk Analysis and a PCI DSS 3.0 Gap Analysis into a single scope of work. The shared assessment streamlines the process by leveraging the elements that HIPAA and PCI DSS 3.0 have in common in data collection, data analysis and policy review. The result is a single, comprehensive report of findings with remediation recommendations that can be addressed holistically and with no duplication of effort. Redspin's new service bolsters its healthcare clients' security posture while also saving them time and money.

"Over the past few years, healthcare organizations have been very focused on HIPAA's privacy and security rules," said Daniel W. Berger, Redspin's President and CEO. "Yet along with the enormous increase in electronic health records, there has also been a steady rise in payment card transactions at hospitals and clinics. Health providers need to ensure that they have adequate safeguards in place not only to safeguard PHI but also to protect their patients' credit card data."

Although the PCI DSS 3.0 standard went into effect on January 1, 2014, participating organizations have a full year to review the new requirements and ensure that their security programs are updated accordingly. Many of the changes in PCI DSS 3.0 are significant, such as increased point-of-sale device security, mitigation of the payment card risk introduced by third parties such as cloud providers and payment processors, and updated guidance on penetration testing requirements.

The scope of work of Redspin's combined HIPAA Security Risk Analysis and PCI DSS 3.0 Gap Analysis enables HIPAA covered entities to meet and maintain HIPAA compliance while also gaining an understanding of any gaps that may exist before PCI DSS 3.0 is enforced. "Rather than two discrete projects," says Berger, "there is real value to a coordinated and shared assessment. A good example is the new requirement for demonstrative evidence on the demarcation or segmentation of the cardholder data. When we scan networks for potential exposure of PHI, we often find credit card numbers as well."

Redspin has performed HIPAA Security Risk Analysis services for 115 hospitals. Staffed by expert security engineers and compliance consultants, Redspin helps safeguard confidential information and protect critical IT infrastructure. The company offers penetration testing, vulnerability assessments, web application security audits, security compliance reviews, mobile device security risk analysis, and social engineering testing. Through expert analysis and business acumen, Redspin has become a trusted security advisor to the healthcare industry, as well as to banking and financial services, retail, energy, technology, and hospitality.

For more information, visit www.redspin.com