It's no surprise that privacy and security are top of mind for healthcare organizations and CBOs. Year after year, the industry has had a record number of data breaches and ransomware attacks, exposing sensitive patient information and causing outages that affect patient care.
Organizations are seeking help more than ever to improve their privacy and security posture. Thankfully, with the newly introduced CalAIM TA Marketplace, help and transformation are on the way.
What is the CalAIM TA Marketplace?
The CalAIM TA Marketplace is a virtual marketplace where providers, community-based organizations, counties, and other entities can find qualified vendors offering a comprehensive range of technical assistance resources, including privacy and security risk assessments.
These solutions are provided by trusted vendors who have been vetted by the California Department of Health Care Services (DHCS) to ensure their effectiveness and reliability. With the help of the CalAIM TA Marketplace initiative, healthcare organizations can easily find and implement the solutions they need to address their specific privacy and security needs, while also meeting regulatory requirements.
Who is eligible to receive services from the CalAIM TA Marketplace?
TA Recipients may include, but are not limited to:
County, city, and local government agencies
ECM and Community Supports providers, or those that intend to contract as ECM/Community Supports providers, including those serving as providers of housing services
Community-Based Organizations (CBOs)
Medi-Cal Tribal and Designees or Indian Health Programs
Others, as approved by DHCS
TA Recipients must:
1. Be actively contracted with Managed Care Plans (MCPs) for the provision of Enhanced Care Management (ECM) / Community Supports, or
2. Have a signed attestation that they intend to contract to provide ECM / Community Supports in a timely manner, or
3. Be approved by the California Department of Health Care Services (DHCS) to register as a TA recipient
MCPs are not eligible to receive TA support through the TA Marketplace.
What is the cost of receiving a Privacy and Security Risk Assessment on the CalAIM TA Marketplace?
Eligible organizations do not need to pay to receive services from the CalAIM TA Marketplace. The services provided by the qualified vendors on the online platform are funded by the California Department of Health Care Services (DHCS). This means that healthcare organizations, community-based organizations, counties, and other entities can access the solutions they need to improve their privacy and security posture at no cost and without seeking additional funding.
This is a significant benefit for organizations that may not have the resources to invest in privacy and security solutions on their own. With the CalAIM TA Marketplace, organizations can receive high-quality technical assistance resources without breaking the bank.
What is a Privacy and Security Risk Assessment?
A privacy and security risk assessment is a process of identifying, evaluating, and mitigating potential risks to the confidentiality, integrity, and availability of sensitive information or systems. It involves analyzing the likelihood and impact of various threats and vulnerabilities and identifying the controls and safeguards that can be implemented to reduce or manage those risks.
The assessment covers a wide range of areas, such as physical, administrative, and technical controls, and regulatory compliance. The goal is to ensure that appropriate measures are in place to protect sensitive information and systems from unauthorized access, use, disclosure, alteration, or destruction, and to comply with relevant laws and regulations.
What does a Privacy and Security Risk Assessment Include?
A good security risk assessment will include:
A comprehensive review of policies, procedures, business practices, technology infrastructure, and workplace environment to analyze current business practices against privacy and security requirements
Privacy and security gap assessment of the organization’s risk posture, including a risk score and dashboard to support leadership engagement and decision-making
Roadmap with prioritized action steps for remediation of identified risks with recommendations on all aspects of compliance in a cross-sector, CalAIM environment
Executive Summary Report highlighting assessment results for executive management and/or Board of Directors' consumption
Management Report with a more in-depth look into each phase of the assessment, highlighting strengths and weaknesses that affect the organization's overall security posture
Full Report containing all controls, findings, recommendations, and technical data supporting the Security Risk Assessment
Vulnerability Scan Risk Report showing the risks related to all vulnerabilities discovered during vulnerability scanning
HIPAA Gap Report (if applicable) listing all controls addressed by the HIPAA Gap Assessment with a crosswalk to relevant recommendations
What are the benefits of a Privacy and Security Risk Assessment?
There are many benefits to conducting a privacy and security risk assessment. The first and most obvious is compliance with data privacy and security regulations. These assessments help ensure that your organization is meeting its obligations under applicable laws and regulations such as the Health Insurance Portability and Accountability Act (HIPAA), System and Organization Controls (SOC 2), General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, California Consumer Privacy Act (CCPA), and more.
Another benefit of conducting a security risk assessment is improved data security within your organization. By identifying potential threats and vulnerabilities before they occur, you can take steps toward preventing them from impacting patient care or exposing sensitive information about patients. When patients visit your facilities or website, they want to know that their personal information is safe and secure. By conducting regular assessments, you can demonstrate your commitment to protecting their data and maintaining their trust.
Overall, a privacy and security risk assessment is an essential tool for healthcare leaders who want to ensure compliance, improve data security, prioritize their investments in security controls and technologies, and build trust with patients and stakeholders. With the introduction of the CalAIM TA Marketplace, healthcare organizations have access to a one-stop shop for privacy and security services, making it easier than ever to protect patient data and maintain compliance with regulatory requirements.
How do I apply to receive a Privacy and Security Risk Assessment from the CalAIM TA Marketplace?
Our team can help entities interested in accessing TA resources through the CalAIM TA Marketplace by confirming eligibility criteria and providing the correct TA Recipient registration forms. TA Recipient registration forms will be reviewed on an ongoing basis throughout the life of the TA Marketplace.
Contact us to get started today.