Information Technology Risk Management Program Development


Working to diagnose IT risk issues that place organizations in legal, financial, or reputational peril. PYA identifies areas of improvement and provides innovative solutions that align with our clients’ business objectives. We help your organization develop a successful IT risk management program that not only helps safeguard IT, but also helps make the critical business functions of your organization’s mission more effective.

IT Governance Program Development


Structuring, overseeing, and evaluating operations as they relate to IT, ensuring clients are able to realize strategic and measurable growth.  PYA understands that collaboration and communication are essential to the success of any IT initiative. The cooperation of stakeholders, business process owners, and domain experts is the cornerstone of reliable and effective governance.

HIPAA Compliance Assessment (Privacy, Security & Breach Notification)


Evaluating whether our clients are safeguarding the privacy and security of protected health information and avoiding problems that could lead to significant penalties and damaged reputations. Our team of CIOs, CTOs, and Compliance Officers understands first-hand that providers are subject to regulations that create substantial monetary penalties for non-compliant entities.

HIPAA Security Risk Analysis


Recognizing that extensive HIPAA-HITECH regulations require constant vigilance.  PYA’s HIPAA Security Risk Analysis includes a system-wide assessment to identify controls, threats, and vulnerabilities relevant to regulatory requirements.  Whether you are safeguarding meaningful use funds or simply concerned about maintaining compliance with HIPAA, it’s essential to conduct regular HIPAA compliance assessments.

IT Outsourcing Assessment


Outsourcing any aspect of your business involves risk.  Whether your needs include an audit of a current outsourcing engagement, transition to a new one, or extraction of an outsourced arrangement, our team will guide you through the entire process and assist with mitigation and cost management.

IT and EHR Assessment


Combining key documentation reviews, in-depth interviews, and user satisfaction surveys with various components of a healthcare information system: hardware, software, interfaces, vendor support, etc. Comparing IT costs, staffing, user satisfaction, and physician satisfaction presents a complete picture with quantitative results. PYA relies on these results to advise on tactical and strategic recommendations for improving IT productivity and system utilization, while lowering costs.

Meaningful Use Gap Analysis


Providing a comprehensive, independent assessment to review progress as hospitals, physician practices, and healthcare systems pursue the various stages of meaningful use compliance.  We leverage more than three decades of experience in clinical systems implementation, security, privacy and regulatory compliance, public policy, health information exchange, and project management to accelerate meaningful use readiness, identify problems for early remediation, and provide thorough documentation and preparation for potential CMS audits.

Mergers & Acquisitions (M&A) IT Assessment


Helping organizations address technology challenges related to transactions.  Our M&A team offers support that includes a comprehensive assessment of IT resources, assets, and compliance efforts.  Our assessment provides critical insight into the IT segment of an acquisition, merger, or other cooperative venture.  PYA’s technical, compliance, and IT operations professionals focus on critical decision points to help decrease risk and increase integration success.

Enterprise Data Governance Assessment


Determining the appropriate implementation of new data governance programs or the revision of existing ones. We assess organizational needs and offer recommendations that assist management in making the case for program implementation.

Disaster Recovery (DR) Planning and Assessment

Our team can provide DR planning services that include:

  • Assessment of the current IT tactical and strategic DR plan
  • Review of existing recovery procedures, including undocumented processes
  • Development or improvement of the recovery plan based on Business Impact Analysis
  • Scheduled validation and “table-top” testing of the plan
  • Onsite coordination assistance for plan execution