Security and Risk Program Development for one of the nation’s largest health systems

Services: Interim CISO Leadership, HIPAA Risk Assessment and Remediation

The Challenge

TrustPoint assisted one of the nation’s largest health systems with the development of its Information Security and Risk Management program. The organization needed to implement an appropriate governance framework, staffing model, and risk management controls to manage this massive health system’s risk profile as it moved from a federated model to a centralized IT service structure.

Our Approach

TrustPoint provided the leadership to drive the analysis, assessments and overall program development to ensure the organization could meet the information security requirements of Meaningful Use, HIPAA and HITECH. TrustPoint also interfaced with the US Department of Health and Human Services, Office for Civil Rights to represent this client as part of the OCR’s follow-up investigation regarding a prior breach.


The result was the implementation of a successful security and risk management program that addressed the consolidation of the Information Security and Risk Management function into a centralized team. The necessary framework, methodologies and processes were identified and documented to ensure the program was manageable and addressed plans for remediation of any areas deemed to be at risk.