Privacy & Information Assurance
With the increased use of electronic health records and security threats to information systems on the rise, information assurance and privacy have become top priorities for federal and commercial businesses. Security and privacy for all systems and organizations, especially in the healthcare sector, must meet strict standards that are constantly evolving. Applications must also comply with the latest Privacy and Health Insurance Portability and Accountability Act (HIPAA) laws to ensure all communications containing Personally Identifiable Information (PII) or Protected Health Information (PHI) are appropriately safeguarded.
Axiom has more than ten years of experience working with the Department of Defense (DoD), Military Health System (MHS), and TRICARE Management Activity (TMA) to manage and execute their Privacy and HIPAA programs. Our information assurance team has also successfully completed more than 50 formal, annual DoD Information Assurance Certification and Accreditation Process (DIACAP) security audits to ensure the many systems we have developed for DoD remain secure and available.
Axiom's Privacy and Information Assurance Services include:
- Assisting in the development of policy and providing program oversight in the implementation and execution of Privacy Programs
- Drafting, reviewing and maintaining Privacy Impact Assessments (PIA) and System of Records Notices (SORNs)
- Developing system requirements for implementation of HIPAA electronic standards, including conversion to ICD-10
- Ensuring and maintaining the security of applications per Federal regulations, such as DIACAP and Federal Information Security Management Act (FISMA)
- Performing security scans, drafting mitigation strategy reports (MSRs) and plans of actions and milestones (POAMs), and assisting in the mitigation of findings
- Drafting and maintaining security documentation including: Disaster Recovery Plans, Continuity of Operations Plans (COOP), Incident Response Plans (IRP), Contingency and Business Continuity Plan (CBCP), Information System (IS) Core, and System Design Documents (SDD)
- Integrating Common Access Cards (CAC) and Public Key Infrastructure (PKI) technologies into new or existing systems
Axiom's Privacy and Information Assurance clients include:
- The DoD TMA HIPAA Electronic Standards Program Management Support, supporting all aspects of HIPAA implementation in the MHS direct care and purchased care systems.
- Defense Privacy and Civil Liberties Office (DPCLO), providing program management and support, including reviewing policies, monitoring breach reports, serving as a central point of contact for all SORNs, and assisting personnel with inquiries about privacy and civil liberties matters.
- DoD TMA Privacy Office, providing senior program management support to the first-ever MHS Privacy office and supporting policy development and program oversight for all provisions of privacy-related federal legislation and DoD regulations.