Centers for Medicare and Medicaid Services (CMS)
Clients who process Medicare- and Medicaid-paid services face additional security mandates issued by the Centers for Medicare and Medicaid Services, which oversees the programs for the federal government. CMS contractors must follow a labyrinth of regulations, including the CMS Policy for Information Security as required by FISMA, the CMS Business Partners Systems Security Manual, and official communication from the CMS chief information officer, who can issue specific policies, requirements and procedures related to key information technology and information security topics.
The LBMC Security & Risk Services team has been involved since the creation of the CMS Minimum Security Requirements (CMSRs) and the CMS SSP and RA methodologies. We participate in CMS-sponsored conferences to stay abreast of the latest processes, requirements and operating styles. In addition, LBMC Security & Risk Services has conducted Level 3 penetration tests, including one that resulted in a CMS contractor commenting that it was the most comprehensive of all the penetration tests performed.
As a Quality Security Assessor certified by the PCI Security Standards Council, we perform formal audits of compliance for major credit card brands, and evaluate and accept compensating controls. The certification reflects LBMC’s depth of security experience, proven quality assurance processes and appropriate understanding of legal and insurance requirements.
In addition, LBMC is a certified HITRUST Common Security Framework Assessor. One of only a dozen in the country, LBMC is uniquely qualified to perform HITRUST CSF-related assessments and services for healthcare organizations and their business associates. We can be the sole firm responsible for integrating CMS requirements into the HITRUST framework.
LBMC Security & Risk Services’ involvement enables CMS contractors to meet government expectations and ensure their reward and performance bonuses are not reduced.