GSG Compliance will be there with you step-by-step

1.      Security Risk Assessment

Our team of healthcare information technology experts will utilize the HITRUST Common Security Framework (CSF) and the CSF Assurance Program, the most broadly adopted information security control framework within the healthcare industry to design your Security Risk Assessment.

By leveraging this approach, GSG is able to streamline the risk assessment process by focusing on data‚Äźbacked, known high risk areas and those controls defined to be “reasonable and appropriate” for a Covered Entity and/or B.A. environments.

GSG will assist you in completing the assessment.  This may include working with your current IT Provider, EHR Vendor, as well as any other business partners that may have access to protected health information ("PHI") or have an influence on your security and privacy.

SAMPLE Risk Assessment Questionnaire

2.    Information Security Policies

Our team will also work with you to develop a series of information security policies for the processing, storage, and handling of Protected Health Information (“PHI”) for a Covered Entity and its satellite offices (if applicable), and Business Associate.

SAMPLE Information Security Policies


3.     Remediation Plans

The remediation document maps back to the Risk Assessment findings which provides best practice guidance to remediate the identified weaknesses. We refer to this document as a "living document" - meaning it will require continued and consistent follow up by the Covered Entity or Business Associate.


SAMPLE Remediation Plan

Get Started

If there is any way we can help you, please contact us:

GSG Compliance, LLC
3780 Mansell Road, Suite 250
Alpharetta, GA 30022
877-828-8809 (fax)