Privacy and Security

Improve your security posture and meet HIPAA and international privacy requirements

Double Helix will help your organization identify privacy and security risks, improve your security posture, and meet privacy and security regulatory requirements.

Our industry experts help laboratories, covered entities, business associates, and software-as-a-service (SaaS) companies develop a privacy and security compliance program that meets the requirements of HIPAA, HITECH, and the Final Omnibus Rule.

We will collaboratively craft implementable security policies and procedures that comply with current regulations, and help you put in place practical privacy and security safeguards based on the HIPAA Security Rule and the ISO 27000 family of standards, covering the administrative, physical, and technical controls required for protected health information.

Double-Helix® Privacy and Security Services will keep you abreast of the latest news and changes in regulations and provide accurate interpretation, practical guidance, and solutions your company can use.

Protected Health Information Protection

We will help you identify where Protected Health Information (PHI) and Personally Identifiable Information (PII) lives in your organization, and provide practical, best-practice guidance on the physical, technical, and administrative processes that protect your most sensitive information.

HIPAA Security Safeguards

Double-Helix will help you develop privacy policies, procedures, training, defense-in-depth security, and incident response capabilities, and can also conduct vendor assessments. Our services will help your organization manage its security portfolio, perform risk assessments, and develop a strategic roadmap for security improvement.

We understand the risk management and compliance challenges of today’s companies, including FIPS 200/FISMA, Sarbanes-Oxley Section 404, HIPAA/HITECH, ITIL, ISO 2700x, COBIT, 21 CFR Part 11, PCI DSS, EU data protection law and the EU-U.S. Privacy Shield, and SSAE 16.

Security Audit and Risk Assessment

We will execute a detailed security audit and gap analysis of your existing policies, procedures, and informal processes to identify compliance weaknesses and critical areas that require remediation. Our formal security audits can benchmark your security posture against HIPAA and ISO 27002 control requirements.

We will collaborate with your team to conduct targeted risk assessments using semi-quantitative methodologies that characterize and prioritize threats and vulnerabilities by likelihood of occurrence, severity, and impact, so that controls are applied where they reduce the most risk.

We can assist you with vendor assessments, contract review, and negotiation with Software as a Service (SaaS) providers and other vendors to ensure they meet the necessary administrative, physical, and technical safeguards, training, and compliance practices required to protect your confidential and sensitive information.

Vulnerability Scanning and Penetration Testing

Double Helix will perform automated vulnerability assessments of your network and servers, and scans of your web applications. These scans help you proactively discover unpatched software and exposure to web application flaws such as SQL injection, XSS, CSRF, and other OWASP Top 10 risks. We use industry-leading Qualys® scanning technology to perform periodic assessments and develop a prioritized set of remediation activities.

Double Helix has a world-class team that conducts advanced, in-depth penetration testing of your network and systems. Our “whitehat” certified ethical hackers use advanced techniques and customized scripts to attempt to break in, evaluating how your defenses hold up against a real attacker rather than only against an automated scanner.

The team can perform social engineering simulations to give your employees real-world awareness about the risks of being manipulated into revealing confidential information.

Network Security Engineering and Managed Services

Double Helix provides network review, architectural design, and implementation services for Cisco, Palo Alto Networks, Juniper, HP, Arista, Meraki and related networking gear.

We offer Managed Network Services to remotely administer, manage, and monitor your network hardware and systems. Each device is instrumented and managed by our network engineers using a systematic change control, service request, and proactive management process. When a security incident occurs, we offer rapid incident response conducted by experienced security professionals trained in threat detection, data protection, and forensic analysis.

We can recommend, and are an authorized provider of, a variety of commercial endpoint security software, next-generation endpoint protection platforms (EPP), centralized log monitoring and SIEM platforms, data protection products, and security testing services, including Sophos, AlienVault, Sumo Logic, WhiteHat Security, Datto, and Alert Logic.

Leadership Roles

Double Helix can serve as an interim Privacy Officer for your organization. We will help you map changing rules and regulations to practical solutions and to an effective privacy and security strategy for your company.

Double Helix is your on-call privacy advisor, helping you deal with privacy incidents in real time and acting as an expert sounding board for your internal privacy officer, security officer, security operations, and legal teams.

Sample Privacy and Security Offerings:

  • Privacy and Security Assessment/Audit
  • HIPAA Program Establishment and Omnibus Tune-Up
  • EU Data Protection and Privacy Shield
  • Risk Assessment Workshops
  • Web and OS Vulnerability Assessments
  • Policy Review
  • Business Associate Agreements
  • Architecture and Design
  • Training and Security Awareness
  • Social Media Policy Development
  • Secure Coding Standards
  • Disclosure and Breach Notification Workshop
  • Network Engineering
  • Penetration Testing
  • Security Incident Response
  • PCI DSS 3.0 assistance
  • End-Point Protection and Log Monitoring Platforms

Policy and Procedure Development

Double Helix engages your team in writing policies and procedures that are practical, meaningful, and don’t just sit in a binder “on-the-shelf”.

We can provide full document templates and forms, or modify your existing protocols. We are available for ad hoc phone questions to help you interpret regulations in a practical and implementable manner.

Training

We conduct workshops with your team members that work through real-world scenarios to build security and privacy awareness.

We can help you understand Health and Human Services (HHS) regulations and announcements. Furthermore, we can train your team on how to respond to complaints and audit requests.

We develop customized on-site training sessions and materials on a wide range of privacy and security topics.