The Frederick Group Launches Virtual Chief Information Security Officer Consultancy

Share Article

Mission is to help health care organizations navigate critical federal patient privacy and information security regulations, audits.

The Frederick Group, an information security consulting firm, today announced its launch to serve organizations that require information security professionals with expertise in health care privacy, but don’t have the resources to staff a full-time team.

In reviewing the tight market for information security specialists and the likely increase in the number of federal audits, Michael Frederick, the company’s CEO, came up with the concept of a virtual Chief Information Security Officer (CISO).

“Organizations can tap the expertise and operational experience of our CISOs,” Frederick said. “We hire only experienced professionals from within the health care sector. They are able to manage the complete information security program and know how to identify risk and deal with the critical regulatory issues.

“I like to think of our model as something akin to fractional jet ownership,” he added. “With The Frederick Group, you’re getting the complete package for informational security, but at a fraction of the cost.”

Frederick said his research determined that organizations under $300 million in annual revenue can least afford the potential impacts of audits by the Department of Health and Human Service’s Office of Civil Rights. The audits can fault companies for failure to adequately protect patient health records. The Office of Civil Rights began performing audits in November 2011, as required by the HITECH Act, part of the American Recovery and Reinvestment Act (ARRA).

Frederick said these audits, combined with a lack of qualified information security professionals, have left many organizations placing the responsibility for compliance with IT managers who do not have information security as their primary skill.

“The shortage in qualified information security specialists has made it incredibly difficult for companies to afford qualified people who could help reduce the risks of the Office of Civil Rights audits,” he said. “That’s why I started The Frederick Group. Organizations can leverage our seasoned, boardroom-ready security professionals for a fraction of what they would pay for a full-time team or a traditional consulting firm.”

ARRA provided incentives for companies to accelerate adoption of electronic health records. However, the federal government also required audits of companies accepting funds through the HITECH Act, in order to make sure companies were safeguarding patient data. If an organization is found lacking the requirements through the audit process, the Department of Health and Human Services will attempt to recoup the incentive payments.

Frederick said results from the initial Office of Civil Rights audits show that 80 percent of the issues are related to the Health Insurance Portability and Accountability Act (HIPAA) security rule. In addition, audits also show that 75 percent of the issues were found in organizations with less than $300 million in revenue.

“Think of the potential impact to the bottom line if an organization has to return the incentive payments, which average around $1.3 million per organization,” Frederick said. “These are the types of organizations least likely to be able to withstand paying back the federal incentive funds. With low margins, the results could be devastating, particularly for a community or rural provider system.”

About The Frederick Group

The Frederick Group was founded by Michael Frederick to help companies with revenue of $300 million or less address information technology and regulatory security risks, particularly in the health care sector. The Frederick Group provides organizations the ability to leverage seasoned, boardroom-ready security professionals for a fraction of what they would pay for a full-time staff or traditional consultancy firm.

About Michael Frederick

Michael Frederick has more than 20 years of information security experience. He helped build security consulting practices at PricewaterhouseCoopers, Ernst & Young and Arthur Andersen. He has also worked at American Airlines, Southwest Airlines and Baylor Health Care System, where he was the Chief Information Security Officer.

Frederick led Baylor Health Care System’s efforts to become the first hospital system to be certified under the HITRUST Common Security Framework. In his capacity, he worked with the Department of Health and Human Services, advising government leaders on security issues and providing input on meaningful use requirements related to information security and privacy.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Michael Frederick
Email >
Visit website