Epic Security Assessment Program

We use a comprehensive Epic Security Framework spanning Patient Safety, Administration, Application Security and Infrastructure Management to identify gaps in best practice and provide benchmarks.

Approach

We meet with Epic application, infrastructure, networking, and security stakeholders to gain an understanding of the current state. We review Epic application security configurations, system access, and architecture.

We identify gaps and limitations in controls compared to industry best practices. We collaboratively develop an Epic Security Program Roadmap to improve maturity and manage risks to patient data and revenue systems within Epic.

Targeting Critical Epic Assets

  • Cache Database
  • Clarity Data Warehouse
  • Interconnect
  • Printers
  • BCA / Downtime PCs
  • FHIR
  • MyChart
  • MyChart Mobile
  • Medical Devices

The Epic “Honeycomb” Framework

Our Epic Security Program “Honeycomb” is a collection of process and technical controls that describe best practices in Epic security. Mike Pinch created this framework based on his experience as a hospital CISO, and has vetted and used it with many other hospital CISOs and Epic teams to solidify its contents. Each tile has objective, defined maturity criteria, allowing for consistent and quantifiable scoring and improvement over time.

Does your organization want to align with NIST CSF or ISO 27K?

Learn more about how our H24 Capabilities Framework can help.