Our Compliance services are designed to help organizations ensure that they are aware of, and take the steps necessary to comply with, relevant laws and regulations such as the HIPAA Security Rule or the Federal Information Security Management Act (FISMA). We can assist you by performing an assessment to determine your organization’s compliance with applicable laws and regulations and reporting on the results of that assessment.
Select a Compliance Solution
If your organization is defined as a covered entity or a business associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that handles electronic protected health information (“ePHI”), you are required to implement policies necessary to secure such information in accordance with the HIPAA Security Rule. Additionally, the HITECH Act includes requirements for organizations that store ePHI to implement procedures to report the breach of unprotected ePHI. We will assist you by performing an assessment to determine the organization’s compliance with the HIPAA Security Rule and will evaluate the organization’s incident response and breach reporting procedures against the HITECH requirements.
We can assist organizations that are required to comply with the Federal Information Security Management Act (FISMA), which may require an independent assessment of their security controls in accordance with the National Institute of Standards and Technology (“NIST”) Special Publication 800-53 rev4 (“SP 800-53”).
The enactment of the Patient Protection and Affordable Care Act (ACA) of 2010 led to the creation of the federal and state Health Insurance Exchanges (HIXs or marketplaces), which facilitate the purchase of health insurance by consumers and small businesses. The Exchanges handle Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Tax Information (FTI), and the functions of the Exchanges require data from various federal agencies, including the Department of Health and Human Services (HHS), Internal Revenue Service (IRS), Social Security Administration (SSA), and Department of Homeland Security (DHS).
AARC-360 has highly qualified resources certified in ISO 27001, BS 10012, and ISO 27701 and can provide comprehensive consulting services to organizations, helping them comply with GDPR requirements.
AARC-360 will perform an initial gap analysis to identify the maturity of the organization with respect to GDPR articles.
AARC-360 will perform an initial gap analysis to identify the compliance of the organization with respect to CCPA sections.
A Certified Data Protection Officer (CDPO) from AARC-360 will guide the organization in closing the identified gaps by formulating the required policies and procedures.
AARC-360 will help the organization perform a Data Protection Impact Analysis (DPIA) using an eGRC tool. Consultants will analyze the organization’s application to define the data model and process model and to identify the impacted data elements and processes.
Internal Revenue Service Publication 1075 (IRS 1075) provides guidance to ensure that the policies, practices, controls, and safeguards employed by recipient agencies, agents, or contractors adequately protect the confidentiality of Federal Tax Information (FTI). FTI, as defined by the IRS, is any tax return or return information received from the IRS or a secondary source.
The Gramm-Leach-Bliley Act (GLBA) of 1999 requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.