
Health Information Security

Leidos offers security services that help healthcare organizations (HCOs) maintain the confidentiality, integrity, and availability of electronic protected health information (ePHI), meet their compliance mandates, and operate successfully in a highly regulated and increasingly competitive healthcare environment.


Cost Effective Management of Complex Security Challenges

Leidos's teams of security specialists have deep knowledge and understanding of the privacy and security policies and technologies needed to enable compliance with the numerous federal statutes and regulations to which HCOs may be subject. These requirements include the Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Rules, National Institute of Standards and Technology health IT and security standards and best practices, various financial integrity statutes, and for federal agencies, the Federal Information Security Management Act (FISMA), as well as state and industry data protection requirements and best practices.

Our security and privacy experts serve in leadership roles on prominent national health IT forums including the HHS Office of the National Coordinator for Health IT (HIT) Privacy and Security Standards Committee and the National Health Information Sharing and Analysis Center (ISAC) Board of Directors.

We help our customers comply with legal mandates and help select solutions that enable effective protection of the confidentiality, integrity and availability of sensitive information.

Risk Management

We apply our deep expertise in security risk assessments, architecture, design, development, implementation, testing, security auditing, intrusion prevention/detection and mitigation, and certification and accreditation to the healthcare setting. We help ensure that our solutions can operate safely and effectively to protect sensitive information in each unique customer environment.

  • We work with our customers to analyze threats and their vulnerabilities to those threats, and to develop mitigation strategies.
  • We develop effective security policies and procedures and design and deploy the technical implementation of the policies.
  • We develop solutions to prevent, detect and mitigate loss of sensitive data from both insiders and external intruders.
  • We help our customers anticipate, protect, detect, defend, respond and recover from cybersecurity incidents and disruptions.

Preserving Data Integrity and Availability — Critical to Patient Health and Safety, and Business Reputation

Protecting patient data is not only an issue of privacy and confidentiality protection and regulatory compliance for HCOs but is also a matter of patient safety. The viability of the health enterprise directly depends on its ability to secure its systems and data, and the consumers of its services.

Protecting the integrity of health data against corruption and guarding its availability and accuracy are critical to safe and effective clinical care. Our security solutions and services enable HCOs to collaborate and share ePHI and other sensitive and safety-critical information safely across systems and networks.

Data corruption, data breaches and systems intrusions create patient safety issues and endanger the reputation of the HCO. Our cybersecurity technical capabilities, proven in the national security and defense domains, help our health customers guard precious data and business reputations in an increasingly challenging and competitive world.

Critical Security Services in the Healthcare Organization

Our security services span the full range of the security life cycle. Some of our security services critical to the HCO include:

Securing the Healthcare Organization Today for the Future

The standards of care for securing health data have evolved to recognize the increasingly aggressive threats to electronic health records. Providers entrusted with private personal health data and valuable business data are stepping up their capability to secure sensitive data as not only a compliance imperative but also as a business continuity strategy.

Leidos brings proven vendor-specific expertise in EHR systems combined with our expertise in security to help our clients anticipate and address continuously evolving challenges.

Enterprise Risk Management and Information Assurance Services
Service Benefit
Security consulting
  • Our security consulting services provide the governance, risk management, and compliance framework as a foundation to guide planning and implementation for a security-conscious organization.
Identity and Access Management
  • We provide solutions to enable controlled access to sensitive personal and institutional data to prevent unauthorized use.
Audit Log Management and Access
  • Detection of policy violations and access to patients as required by federal regulation.
Audit Log Management and Access Reporting / Data Loss Prevention
  • Detection of policy violations and access to patients as required by federal regulation.
Certification and Accreditation and Continuous Monitoring of Security Measures
  • Enterprise-wide and ongoing assessment of vulnerabilities and recommended mitigations to strengthen the security of mission- and life-critical systems.
Platform Integrity and Secure Software Life Cycles
Service Benefit
Software security development for Electronic Health Record (EHR) systems
  • Hardening the security around EHR systems and the interfaces and exchanges with other systems is essential to regulatory compliance and patient safety.
Secure Mobile Solutions
  • Expertise in wireless security technologies and expertise in secure and seamless integration with EHR systems ensure regulatory compliance and patient safety.
Advanced Analytics and Forensic Analysis
  • Analysis of the causes and sources of intrusions to form strategies to mitigate damage and restore operations.
Managed Security Services (MSS)
Service Benefit
Managed Security Services and Defense in Depth
  • Security operations center support, intrusion prevention and detection, continuous monitoring, and threat and vulnerability management across the HCO enterprise systems 24/7/365.