Healthcare

Healthcare Industries

Ensuring Privacy, Compliance, and Security

At Guidepost Solutions, we provide tailored, cutting-edge solutions for the healthcare industry, helping organizations navigate regulatory changes, protect sensitive information, and mitigate risks. We collaborate closely with clients from start to finish, offering rapid and skilled responses based on extensive international and domestic experience. Our expertise covers multiple complex areas simultaneously, including data privacy, DEA compliance, physical security, and cybersecurity, allowing us to scale our support to meet your needs.

hospital sign on the outside of a building

Comprehensive Support

Our capability to address multiple complex matters faced by healthcare providers simultaneously allows us to scale our support as per your requirements, enabling parallel work on issues such as DEA Compliance Programs, Compliance + Monitorships, Investigations + Due Diligence, Risk Assessments, and Economic Damages + Valuations.

a hospital hallway with a stretcher being rolled down it

We collaborate closely with our clients throughout the entire process, from intake to achieving a successful resolution, recognizing the importance of working directly with the individuals who are handling your situation. We provide rapid and skilled responses based on extensive international and domestic experience.

Navigating the complex landscape of DEA regulations is no easy task. We specialize in providing tailored compliance strategies that ensure your operations are in full adherence with stringent regulatory requirements. Our DEA Regulatory Compliance practice is made up of nationally respected, multi-disciplinary experts in the Controlled Substances Act (CSA) and the Code of Federal Regulations (CFR). The team includes former DEA attorneys and compliance experts, Diversion Investigators, and Special Agents. Our experts can outline the appropriate steps to ensure fulfillment of the regulatory requirements of a DEA registration and help avoid the financial and reputational risk that can result from noncompliance, including potential enforcement actions.

Anti-diversion program compliance assessments
Anti-diversion program development
Suspicious order monitoring system (SOMS) evaluations
Controlled Substance Act (CSA) due diligence investigations
Customized background investigations
Mock DEA inspections, site visits, and audits
DEA regulatory compliance employee training
DEA registration application assistance for DEA registrants
Physical security assessments

Comprehensive compliance consulting and compliance monitoring services, including both proactive ethics and compliance program reviews and compliance monitoring services mandated by government authorities. Our experience acting as an independent monitor is unparalleled and we can provide the necessary oversight to help an organization satisfy regulatory obligations to restore integrity, protect your reputation, and maintain compliance with industry standards.

We provide:

Ethics + Compliance Program Reviews
Code of Ethical Conduct Assessments
Privacy under HIPAA and HITECH ACT
Information Security: ISO27001, NIST CSF/800 Series, CIS
Readiness Assessments and Audits: HIPAA/SOC2/HITRUST
Fraud and Abuse/Anti-Kick Back Statute/Stark Act Consulting
False Claims Act Compliance
Virtual Healthcare Compliance
Clinical and Database Research
Divestiture Monitoring Trustee
Enterprise Risk Management Program
Independent Assessment + Audits

Swiftly and discreetly respond to any potential misconduct within your organization. We uncover the facts in complex, often multi-national, investigations utilizing comprehensive desktop, field, and cyber investigation methods. Whatever the context of the investigation, we tackle each assignment with the objective of providing you with the information required to make informed decisions, solve problems and protect assets.

Our team includes licensed investigators with experience working as federal and local prosecutors and law enforcement agents; digital forensic experts; forensic accountants; data and intelligence analysts; and former federal agents from the U.S. Department of Homeland Security, the Federal Bureau of Investigation, the Internal Revenue Service, the U.S. Secret Service, and the U.S. Marshal Service. Some have been called upon to testify as experts in federal and state courts.

Our capabilities, relationships and tools, allow us to effectively undertake any scope of investigation – nationwide and around the world – on a moment’s notice.

Identify and mitigate risks before they escalate into costly incidents. Our comprehensive risk assessments evaluate potential vulnerabilities, providing actionable insights to enhance your organization’s resilience and ensure optimal protection of patient information and critical assets. We can conduct risk assessments as part of a readiness evaluation for audits like SOC2 or HITRUST, or in response to requirements under the HIPAA Security Risk Rule or HITECH Breach Notification rule. Our team can review existing operational policies and procedures, codes of conduct, physical security, and regulatory compliance requirements.

The Guidepost Economic Damages + Valuation team provides comprehensive and understandable solutions to complex financial issues encountered during the course of litigated and non-litigated economic damage and business valuation matters. Our team includes certified public accountants, forensic accountants, business valuation and finance specialists, business intelligence experts, and forensic computer experts. Once a matter is evaluated, we call on those with the skills that are the most appropriate for the specific engagement.

We provide game-changing intelligence to support our findings in our damage analyses and business valuation reports. Our highly sophisticated damage models, expert and valuation reports, and expert testimony enhance the chances of a successful result for you, especially in instances where the opposing party takes great pains to minimize or hide assets, or understate or overstate financial statements, tax returns, and other filings.

Operational assessments are crucial for hospital clients as they ensure compliance with stringent regulatory requirements set by Occupational Safety and Health Administration (OSHA), The Joint Commission (TJC), Det Norske Veritas (DNV), the Center for Improvement in Healthcare Quality (CIHQ), National Fire Protection Association (NFPA), Nuclear Regulatory Commission (NRC), Drug Enforcement Administration (DEA), National Institute for Occupational Safety and Health (NIOSH), Health Insurance Portability and Accountability Act (HIPAA), The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (Clery Act), Title IX, and the Centers for Medicare and Medicaid Services (CMS) as well as state and local requirements such as those of California Occupational Safety and Health Administration (CalOSHA) These assessments help healthcare facilities identify and mitigate potential risks that could impact patient safety, staff welfare, and operational integrity. Regular evaluations not only align with mandatory standards but also reinforce a facility’s commitment to providing a safe and secure environment. By identifying and addressing gaps hospitals can avoid costly penalties and uphold their reputation in an increasingly regulated industry.

Every healthcare associate must become a willing participant in the safety and security of themselves and others. The healthcare security department responds to a litany of security risks such as assaults, bomb threats, burglaries, disturbances, fires, homicides, robberies, stalking, terrorism and theft as well as other security- and safety-related risks. Guidepost’s team of experienced and certified security administrators and managers assess the security management plan and how it is implemented operationally. Departmental staffing, allocation, training and incident responses are evaluated for efficiency and effectiveness in real world situations to determine gaps and opportunities for improvement. The deployment of technology and appropriate monitoring of security systems can be a force multiplier in security operations. Our team has experienced and certified physical security professionals who can evaluate the technology used and seek integrations to aid in the management of operations. Our experienced team can design or enhance security command or operations centers for your facility scalable to your enterprise and its needs.

“Tenet Healthcare identified a need for our security personnel and other team members to receive training on Fentanyl and the safe handling of illicit drugs. We hired Guidepost Solutions based on their extensive DEA field experience as well as their certification as DEA instructors. Susannah Herkert delivered an impactful, sensical, and detailed training on fentanyl and safe handling practices for illicit drugs. We are grateful for the training and the safe environment it promoted for our team members.”

Sonia Johnson, Corporate Security Zone Leader (Regional Manager) over all Tenet Healthcare Special Investigations

Reviews + Assessments

Ensuring that your organization is compliant with regulatory requirements and industry standards for information security and privacy is essential. Increasingly, customers, investors, regulators, auditors, and others are requiring evidence of a 3rd party assessment, audit, or certification to provide assurance that data privacy, information security, and regulatory compliance are of paramount importance to you.

But completing a 3rd party assessment is a daunting and complex endeavor. Our team understands how Health Insurance Portability and Accountability Act (HIPAA) compliance, Health Information Trust Alliance (HITRUST) certification, Service Organization Control 2 (SOC 2) audits, and other evaluations against established frameworks and standards are critical to an organization’s success.

From large, global organizations to startup, virtual healthcare providers, our insight into regulations and compliance leads to successful first-time certification submissions and audits, which ultimately produces a more secure organization. While regulations and standards are a one-size-fits-all, your business is unique. We will customize the security and privacy control baselines through a variety of factors including organization type, size, systems, and regulatory requirements for achieving enhanced security and compliance.

Expertise

HITRUST
HIPAA
HITECH
EU-U.S. Data Privacy Framework
SOC 2, SOC 3
NIST Privacy Framework
CIS
ISO
COBIT
PCI-DSS
GDPR
CCPA/CPRA
And more

We have design and implementation experience related to the following privacy program components:

PI/PHI inventory and mapping
Data Protection Impact Assessments (DPIA)
Data Minimization
Privacy Rights Request Management (DSAR)
Customer Identity and Access Management (CIAM)
Privileged Access Management (PAM)
Identity Access Management (IAM)
GRC tools and automations for continuous monitoring, audit, compliance and risk management
Privacy Control Design
Third Party Privacy Compliance
Business Continuity and Disaster Recovery (BCDR)
Ransomware Prevention

We have helped guide many companies through the process of preparing for and completing a successful information security and privacy compliance review. By conducting a readiness assessment, we examine potential points of failure, remediate any control gaps, and anticipate potential problems. For example, our thorough readiness assessments will reduce the risk of wasting valuable resources on a HIPAA/HITECH review, HITRUST assessment, a SOC2 audit, or a PCI QSA audit before control gaps are remediated, costing you additional time and money.

Our team examines your business requirements and considers the different federal, state, and local laws that apply to your organization. We then assess the state of your current processes and procedures, evaluate your IT infrastructure and controls, and determine your readiness for HIPAA/HITECH review, HITRUST assessment, SOC2 audit, or PCI audit. Our readiness preparation is transparent and actionable because we know the complexity of day-to-day IT and security operations. We deliver customized recommendations to ensure you fully understand how to achieve success.

Expertise:

HITRUST
HIPAA
HITECH
SOC 1, SOC 2, SOC 3
NIST CSF/800 Series
CIS
ISO
COBIT
PCI-DSS
NYDFS Part 200/Part 500
GDPR
CCPA/CPRA
ONC FHIR
And more

We have design and implementation experience related to the following information security program components:

Asset Inventory
Endpoint Management
Penetration Tests
Data Protection Programs
Vulnerability Management
Network Security
Incident Response Management
Secure Software Development
Security Posture Assessments
Cloud Security Assessments
Customer Identity and Access Management (CIAM)
Privileged Access Management (PAM)
Identity Access Management (IAM)
GRC tools and automations for continuous monitoring, audit, compliance and risk management
Security Risk Management
Business Continuity and Disaster Recovery (BCDR)
Ransomware Prevention

At Guidepost, we specialize in providing comprehensive consulting services tailored to meet the unique needs of healthcare providers. Our expertise lies in offering Federal Anti-Kickback Statute (AKS) and Physician Self-Referral Law (Stark Act) compliance advice, ensuring that your organization remains fully compliant with these critical regulations. With the potential for costly civil and criminal penalties, it is essential to have the right guidance and support in place. Our team of seasoned professionals excels in conducting fair market valuations for Management Service Organizations (MSO) fees, enabling you to navigate the complex landscape with confidence.

In addition to our focus on anti-kickback and Stark Act compliance, we also assist healthcare providers in establishing robust policies and procedures for a range of critical areas. From Privacy/HIPAA and information security to False Claims Act and anti-kickback/Stark Act controls, we ensure that your organization is equipped with the necessary safeguards to mitigate risks and promote a culture of compliance.

When it comes to investigations and additional steps required for compliance, our team stands ready to support you. We possess a deep bench of investigators, lawyers, and researchers with broad geographic reach, ensuring that we have the necessary capabilities to assist you at every stage. Whether it is conducting interviews, delving into computer forensics, or utilizing advanced data mining techniques, we bring together a multidisciplinary team that combines technical expertise and legal acumen. With our comprehensive range of services and a steadfast commitment to your success, we are your trusted partner in achieving and maintaining compliance with federal regulations.

The Joint Commission, responsible for the accreditation of participating hospitals and healthcare facilities, in January, 2022, set new standards for workplace violence prevention. These include EP 1 (worksite analysis to identify potential workplace violence risks), EP 5 (establishing policies to manage identified risks), EP 10 (developing a workplace violence prevention program), and EP 12 (training staff on violence prevention strategies). Additionally, facilities must establish processes for reporting, tracking, and analyzing workplace violence incidents.

Failure to apply these standards can jeopardize employee safety and expose healthcare organizations to legal, economic, and reputational risks. Regardless of whether your organization participates in TJC accreditation, efforts to prevent workplace violence events should be paramount. Guidepost has extensive experience in healthcare protection administration and security management to assess your facilities and programs to strengthen your security posture and better protect those you serve without inhibiting the provision of efficient and quality patient care.

Healthcare facilities face unique challenges in ensuring the safety and security of their environments. A comprehensive Hazard Vulnerability Analysis (HVA) is essential for identifying potential threats and vulnerabilities, from natural disasters to security risks, that could impact operations and patient care.

An HVA helps healthcare providers anticipate and prepare for various risks, ensuring that they have effective strategies in place to manage emergencies. It is not just about compliance; it’s about safeguarding the wellbeing of patients, staff, and visitors, while also protecting the facility’s reputation and operational continuity. Failure to conduct a thorough HVA can leave healthcare organizations exposed to unexpected threats that could disrupt services, endanger lives, and result in significant financial and legal repercussions.

Guidepost is a leader in providing tailored Security Vulnerability Assessments (SVAs) as a critical component of a comprehensive HVA for healthcare organizations. With extensive experience in healthcare protection administration and security management, our team offers objective, third-party insights leveraging industry expertise beyond the capabilities and effectiveness of internal assessments. Our team works closely with healthcare facilities to evaluate the effectiveness of the current security program and management, existing security measures and systems, identify potential vulnerabilities, and recommend actionable strategies to strengthen and enhance security.

Guidepost’s expertise ensures that your HVA not only meets industry standards but also strengthens your facility’s security posture and ability to respond to emergencies. By partnering with Guidepost, healthcare organizations can trust that they are taking proactive steps to safeguard their operations and protect their patients beyond compliance with regulatory requirements.

Optimizing Security Operations

We have helped improve security command and security operations centers for varying industries including healthcare. The diversity of clients we service can add perspectives to our approach not found elsewhere. The consolidation and integration of technology and intelligence can help move your security department from a calls-for-service reactionary program to an informed risk reduction and prevention program. Systems commonly monitored in healthcare SOCs often include:

Video surveillance systems (VSS)
Intrusion detection systems (IDS)
Access Control Systems (ACS)
Visitor management systems (VMS)
Environmental alarm monitoring
Infant protection systems
Wandering prevention systems
Organizational Travel
Fleet management
Fire alarm control panels (FACP)
Mass notification systems
Virtual escorts
Social Media monitoring
Weapons detection systems
Weather monitoring
Helipad control
Incoming ambulances
Forensic patients
Credentialling
Parking enforcement
Incident reporting
Computer aided dispatch services (CAD)

We review and enhance the physical security standards of a healthcare organization by conducting a thorough evaluation of the existing systems and practices. Our process begins by assessing the current physical security measures, which may include access control systems, surveillance cameras, alarm systems, perimeter fencing, and security personnel protocols. This evaluation is conducted within the healthcare organization’s unique environment, addressing its operational needs and potential threats. Our team identifies gaps or vulnerabilities in the existing setup, such as outdated technology, blind spots in surveillance coverage, or inconsistencies in access control procedures. By comparing the organization’s current standards with industry best practices and regulatory requirements, we mark areas that need improvement and outline recommendations to enhance overall security.

After the review, we collaborate closely with the healthcare facility’s stakeholders to create or update physical security standards that address identified deficiencies and align with the organization’s security goals. This process involves developing a comprehensive security policy that outlines clear procedures for access control, monitoring, incident response, and ongoing maintenance. By developing appropriate standards, we ensure that they are practical, enforceable, and scalable, allowing the healthcare organization to adapt as its security needs evolve. Additionally, we may recommend the integration of new technologies, such as advanced surveillance systems or biometric access controls, to further strengthen security. By guiding the organization through the review and creation of physical security standards, we help build a robust security framework that not only protects the healthcare organization’s assets and people but also fosters a culture of security awareness and preparedness.

The Guidepost team can play a critical role in helping a healthcare system standardize its security systems across multiple facilities and assist in migrating from various disparate systems to a unified security platform. In many healthcare organizations, security systems have often been implemented at different times and locations, leading to a patchwork of solutions that may not integrate well with one another. This fragmentation can create inefficiencies, increase costs, and expose the organization to security vulnerabilities. Our process begins by conducting a comprehensive assessment of the existing security infrastructure across select or all facilities, identifying the different systems in use, their capabilities, and their limitations. We then analyze how these systems interact (or fail to interact) with one another and assess the overall effectiveness of the current security posture.

Working with the healthcare system’s leadership, security and IT teams, our team will develop a plan for standardizing security systems across the organization. This plan includes selecting a single, robust security platform that can meet the diverse needs of all facilities, whether it’s managing access control, surveillance, or incident response. The chosen platform will be selected to ensure it is scalable and capable of integrating with various technologies in use at the hospital system. The Guidepost team will guide the hospital stakeholders through an evaluation process that is collaborative, involving multiple departments. We can create a scoring template and assist in the overall selection of the platform. Once the platform is selected, we then help with the migration process, carefully planning the transition to minimize disruptions to operations. This includes data migration, system integration, and training for staff to ensure all are familiar with the new system. Our expertise ensures that the migration is smooth, efficient, and that the standardized security system enhances the organization’s overall security posture while reducing long-term costs and complexity.

A security consultant plays a vital role in designing a comprehensive security system for a hospital or healthcare facility. The Guidepost team has years of experience assessing healthcare facilities’ unique needs and challenges. Hospitals are complex environments with a wide range of security concerns, including the protection of sensitive patient data, safeguarding expensive medical equipment, ensuring the safety of patients, staff, and visitors, and maintaining regulatory compliance. Our process typically begins by conducting a thorough risk assessment, identifying potential vulnerabilities in both physical and technical security aspects. We evaluate existing security measures, analyze the flow of people and information throughout the facility, and assess critical areas such as emergency rooms, pharmacies, and data centers. Based on this assessment, our team develops a tailored security strategy that addresses the hospital’s specific risks and operational requirements.

Collaborating closely with hospital administrators, IT staff, and other stakeholders, the team designs an integrated security system that includes physical security measures like access control, surveillance, and alarm systems. This may involve designing a network of security cameras strategically placed throughout the facility, implementing access control systems to secure restricted areas, and ensuring that all systems comply with relevant healthcare regulations. In any project, we also consider the hospital’s budget and operational constraints and thereby recommend cost-effective solutions that do not compromise on safety or compliance. Once the design is finalized, we can oversee the implementation process, ensuring that all components are properly installed, tested, and integrated into the hospital’s operations. By providing this specialized expertise, we help hospitals and healthcare facilities create a safe and secure environment for their patients, staff, and visitors, ultimately enhancing the overall quality of care.

Our security assessments provide significant value to a healthcare system by conducting thorough facility security assessments, ensuring that all aspects of the physical environment are optimized for safety and protection. Given the unique challenges faced by healthcare facilities—including the need to protect sensitive patient data, control access to restricted areas, and ensure the safety of patients, staff, and visitors—these assessments are essential for identifying potential vulnerabilities and gaps in the current security infrastructure.

Our assessment process begins by performing an on-site evaluation of the healthcare facilities, which includes reviewing existing security measures such as access control systems, surveillance cameras, alarm systems, and perimeter defenses. We also assess areas that may be more susceptible to security breaches or risks, such as emergency rooms, labor and delivery areas, pharmacies, data centers, and patient care areas. Our team reviews how security protocols are being implemented by staff and whether these protocols align with industry best practices and regulatory requirements. Through this comprehensive assessment, we identify any weaknesses or inefficiencies in the current security setup.

After the evaluation, we provide the healthcare system with a detailed report that includes prioritized findings and actionable recommendations for improving security. This report may suggest upgrades to existing systems, such as adding more surveillance cameras in blind spots, enhancing access control measures to prevent unauthorized entry, or improving staff training on security protocols and developing specific policies and procedures. We prioritize these recommendations based on the level of risk, cost, and ease of implementation, helping a healthcare system make informed decisions about where to allocate resources. By guiding the healthcare system through the process of facility security assessments, we help create a safer environment for patients, staff, and visitors while ensuring compliance with relevant regulations and standards.