· Overview · Computer Security Standards, Policies and Procedures · IT Management and Capital Planning · Critical Infrastructure Protection Analysis · Certification and Accreditation · Privacy Services & HIPAA Implementation

System 1 has been involved in the development of HIPAA regulations through its involvement with URAC/WEDI (Utilization Review Accreditation Commission/Workgroup for Electronic Data Interchange). System 1 has certified CMS personnel for HIPAA compliance assessment, as well as cyber security engineers that can evaluate information system for overall risk.

Tracking of privacy and security related laws, rules, and regulations In March of 2002, System 1 led the White House Executive Branch Information Systems Security task force to determine if there are gaps in the existing security standards for providing protection for sensitive information. The taskforce consisted of members from Government and Industry charted to determine the effectiveness of current security policies and procedures. This task resulted in a review of over 50 national standards, guides, and regulations. These standards, guides and regulations were evaluated according to a maturity scale of clarity, roles and responsibilities,and other factors that were deemed critical in carrying out the protection requirements. Recommendations to improve the clarity and compliance with these documents were presented to the White House Executive Branch.

Policy and Planning System 1 is a member of the NIST/ URAC/ WEDI team developing guidance on HIPAA. We are presently engaged in the review of a guidance document for the Security Rule enacted on Feb 20, 2003, providing a mapping between the Privacy Rule and the Security Rule. The goal of this work is to develop a common set of health care security standards that will cover security policies, procedures, controls, and auditing practices including certification and accreditation. System 1's experience in tracking legislation, rules, and regulation changes; developing policies and directives; developing guidance documents for managers, employees and technical staff; assisting in choosing appropriate information technologies; assisting in deploying effective security controls and authentication tools consistent with requirements; and ensuring technology implemented is consistent with Federal and agency guidelines for enterprise architecture provides the HIPAA team a seasoned asset.