Corrective Action Plan Oversight and Guidance, Department of Health and Social Services

Project Brief

The theft of a USB drive potentially containing health information regulated by HIPAA (the Health Insurance Portability and Accountability Act of 1996) was the genesis of a stringent information security Corrective Action Plan required by the U.S. Department of Justice of the Alaska Department of Health and Social Services. The Department responded with a comprehensive, multi-pronged approach developed to meet and exceed the CAP requirements.

Wostmann, through its extensive network of subcontractors, provided a security consultant to guide the Department to compliance with the CAP. Wostmann advised the Department on the robust policies and procedures needed for compliance with HIPAA and the CAP, prepared a timeline for meeting CAP obligations, and provided advice on HIPAA security training and recommendations on handling of security incident investigations. Wostmann assisted with eliminating orphaned machines not regularly connected or updated via the network. Perhaps most importantly, Wostmann served as an independent external monitor as required by the CAP, reporting results of the ongoing compliance efforts directly to the U.S. Department of Health and Human Services.

Deliverables

  • Information security program in place
  • Independent monitoring reports delivered

Related Work

State and Local Contracts

Wostmann & Associates has more than 25 years of experience in state government technology projects. We have supported the State of Alaska in a variety of initiatives, from website and reporting systems to complex integration and enterprise systems, and we welcome opportunities to serve any state with our experienced, senior technology professionals. We often perform our government services via our joint-venture partnership, Alaska IT Group, which combines our services with those of other leading small technology firms. Wostmann and Alaska IT Group are registered in Alaska for the IT service categories listed below. State agencies and local governments may utilize the Alaska Task Order Procurement System (TOPS) for our services or may contact us directly for more information.

  • Cat 2: Mid-range Systems Support

  • Cat 3: Specialized Server and Middleware Administration

  • Cat 4: Data Center Consulting

  • Cat 5: Security Consulting

  • Cat 6: IT Management Consulting

  • Cat 7: IT Procurement and Grant Services

  • Cat 8: OS390 and Z/OS Mainframe Applications Programming Support

  • Cat 9: Distributed Application Analysis, Design and Programming

  • Cat 10: Document Management

  • Cat 12: Project Management

  • Cat 13: Quality Assurance