HIPAA Risk Assessments


Covered entities have no option but to comply with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA compliance can be difficult, but any good privacy and security plan must start with an assessment of the risks to your system. An integral component of your risk assessment is testing for external penetration, internal vulnerabilities, social engineering and undetected network security lapses. But what type of penetration, social engineering and internal vulnerability testing is the most effective?

Your penetration testing program should:

  • Gather public information that could be useful for network penetration
  • Scan for vulnerabilities in your system
  • Assess vulnerabilities that are found for potential impact
  • Allow for safe exploitation attempts to test the security of the system
  • Test Internet devices such as firewalls, perimeter routers and web servers
  • Provide detailed post-test reports for tracking, reporting and auditing purposes

Your social engineering testing program should:

  • Involve electronic access by using authentic-looking emails and other tags when requesting access to passwords, usernames and other confidential information
  • Involve other forms of access, such as telephone contact made in a credible manner, to seek disclosure of restricted or confidential information from employees
  • Include phishing and similar attempts to direct employees to unauthorized websites for purposes of accessing confidential information

Your internal vulnerability assessment should:

  • Scan your entire network, including all hardware and software
  • Conduct LAN sweeps
  • Perform internal vulnerability, patch management and port scanning
  • Provide a detailed report that recommends concrete steps for securing your network

Meet your HIPAA penetration, social engineering and internal vulnerability testing requirements with CSI

For more than 12 years, CSI has worked with banks and financial institutions to assess the security of their systems and develop solutions for vulnerabilities. CSI has developed specific solutions to test for the risks of external penetration of information systems, the risks of internal weaknesses due to social engineering of employees and from potentially damaging network security lapses. These solutions are particularly useful as a component of any HIPAA security program. Check out our:

Comply with your HIPAA obligations by protecting your customers’ PHI (protected health information) and your business. Learn more about CSI's suite of products and how it will facilitate your HIPAA security testing and compliance demands.


© 2014 Computer Services, Inc. All rights reserved.