Privacy and Security



Improve your security posture and meet HIPAA and international privacy requirements

Double-Helix® Privacy and Security Services will help your organization identify privacy and security risks, improve your security posture, and meet privacy and security regulatory requirements.

Our industry experts help laboratories, covered entities, business associates, and software-as-a-service (SaaS) companies develop a privacy and security compliance program that meets the requirements of the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulations (GDPR), Federal cybersecurity guidelines, and industry best-practice. 

We will collaboratively craft implementable security policies and procedures that comply with the latest regulations, and implement practical privacy and security safeguards using National Institute of Standards and Technology (NIST) and ISO 27000 security frameworks that include the administrative, physical, and technical controls for protected health information and personal information.

Double-Helix will keep you abreast of the latest news and changes in regulations and provide accurate interpretation, practical guidance, and solutions your company can use.

Protected Health and Personal Information Protection

We will help you identity where Protected Health Information (PHI) and Personally Identifiable Information (PII) lives in your organization and best-practice, practical guidance on physical, technical, and administrative processes that work to protect your most sensitive information.

HIPAA Security Safeguards

Double-Helix will help you develop privacy policies, procedures, training, privacy impact assessments, defense-in-depth security, incident response, and can also conduct vendor assessments.  Our services will help your organization manage its security portfolio, perform risk assessments, and develop a strategic roadmap for security improvement.

We understand the risk management and compliance challenges of today’s companies including, FIPS 200/FISMA, Sarbanes-Oxley Section 404, HIPAA/HITECH, ITIL, ISO 2700x, COBIT, 21 CFR Part 11, FISMA,  PCI, General Data Protection Regulation (GDPR), EU Data Privacy, EU-U.S. Privacy Shield, and SSAE 16/18.

Security Audit and Risk Assessment

Double-Helix will execute a detailed security audit and gap analysis of your existing policies, procedures, informal processes to identify compliance weaknesses and critical areas that require remediation.  Our formal security audits can benchmark your cloud security posture against HIPAA, HITRUST, and ISO 27002 control requirements.

We will collaborate with your team to conduct targeted risk-assessments using semi-quantitative methodologies to characterize and control threats and vulnerabilities based on the likelihood of occurrence, severity, and impact.

We can assist you with vendor assessments, contract review, and negotiation with Software as a Service (SaaS) providers and other vendors to ensure they meet the necessary administrative, physical, and technical safeguards, training, and compliance practices required to protect your confidential and sensitive information.

Vulnerability Scanning and Penetration Testing

Double Helix will perform automated network vulnerability assessments and web application scans of your network, servers, and web servers. These scans will help you proactively scan and discover unpatched software and vulnerabilities to threats such as SQL injection, XSS, CSRF, and other OWASP top 10 risks.  We use industry leading Qualys® Scanning technology to perform periodic assessments and develop a prioritized set of remediation activities.

Double Helix has a world class team to conduct advanced in-depth penetration testing of your network, systems, and applications. Our “whitehat” certified ethical hackers use advanced techniques and customized scripts to attempt to break into your computer network to test and evaluate the security of your network and systems.  We conduct deep testing of your web applications and mobile applications (iOS and Android) for data leakage, OWASP standards, and vulnerability to threats.

The team can perform physical security assessments and social engineering simulations including phishing, pretexting, and baiting, to give your employees real-world awareness about the risks of being manipulated into revealing confidential information.

Forensic Investigation

Our forensic partner is available to investigate and act upon data breaches in hospitals, universities, laboratories, financial institutions, and publicly traded companies alike. The response methodology rapidly collects data remotely, manages evidence, and analyzes the data at a centrally secured location.  The team works to address effectively handle theft of confidential information, espionage, ransomware attacks, data recovery, and denial of service threats.

Network Security Engineering and Managed IT Services

Double Helix provides network review, architectural design, and implementation services for Cisco, Palo Alto Networks, Juniper, HP, Arista, Meraki and related networking gear.

We offer Managed Network Services to remotely administer, manage, and monitor your network hardware and systems. Each end-point device is instrumented and managed by our network engineers using a systematic change control, service request, and pro-active management process.

When security incident occurs, we offer rapid incident response conducted by experienced security professionals trained in threat detection, data protection, and forensic analysis.

We can recommend and are an authorized provider of a variety of commercial end-point security software, next-generation EPP, centralized log monitoring and SIEM platforms, data protection, and security testing services such as Sophos, Alien Vault, SumoLogic, Whitehat Security, Datto, and AlertLogic.

Leadership Roles

Double Helix can serve as the Privacy Officer for your organization. We will help you map changing rules and regulations to practical solutions and effective privacy and security strategy and decisions for your company.

Double Helix is your on-call privacy advisor to help you deal with privacy incidents in real time be an expert sounding board to your internal privacy officer, security officer, security operations, and legal teams.

Sample Privacy and Security Offerings:

  • Privacy and Security Assessment/Audit
  • HIPAA Program Establishment and Omnibus Tune-Up
  • EU Data Protection, GDPR, and Privacy Shield
  • Risk Assessment Workshops
  • Web and OS Vulnerability Assessments
  • Policy Review
  • Business Associate Agreements
  • Architecture and Design
  • Training and Security Awareness
  • Social Media Policy Development
  • Secure Coding Standards
  • Disclosure and Breach Notification Workshop
  • Network Engineering
  • Penetration Testing
  • Security Incident Response
  • PCI DSS 3.0 assistance
  • End-Point Protection and Log Monitoring Platforms

Policy and Procedure Development

Double Helix engages your team in writing privacy and security policies and procedures that are practical, meaningful, and don’t just sit in a binder “on-the-shelf”.

We can provide full document templates, forms, or modify your existing protocols.  We are available for ad-hoc phone questions to help you interpret regulations in a practical and implementable manner.

Training

We conduct workshops with your team members and discuss real-world scenarios to educate your team members and provide security and privacy awareness.

We can help you understand Health and Human Services (HHS) regulations and announcements.  Furthermore, we can train your team on how to respond to complaints and audit requests.

We develop customized on-site training sessions and materials on wide range of privacy and security topics.