Why Us?

We know the law and we know the web.

We help companies safely and securely do business on the web.

Startup Health Moonshot

First of all, what is Startup Health? They describe themselves (in part) as follows:

In their own words, they are an army of Health Transformers: "Through the strength of its global brand, reputation, network, army of 'Health Transformers' and platform, StartUp Health has quickly amassed the world's largest portfolio of over 230 digital health companies, from six continents and 20 countries..."

Working to Achieve 10 Health Moonshots

"Access to Care, Cost to Zero, Cure Disease, End to Cancer, Women’s Health, Children’s Health, Nutrition & Fitness, Brain Health, Happiness & Mental Health, and Longevity..."

In short, Startup Health is a Healthcare incubator that helps launch startups in the healthcare space.

There is one thing for certain, post Covid-19, and that is that the healthcare industry will not look anything like it did prior to the virus. There is going to be a major consolidation cycle, and the "little guys," no matter how cool the tech, will find it increasingly difficult to break into this space, a space that was notoriously difficult to crack long before Covid.

Here's the thing: the "Big Boys" are not going to let you play if your cybersecurity house is not in order. If you can't competently respond to their questionnaires (usually one per year) and/or provide the additional documentation they request, your Moonshot will quickly be headed for a crash landing back to Earth, and perhaps not survive at all. Our partner's Expresso 3.0 (Silver) Business Partner Vetting portal prepares you for the requests that are certainly coming your way. It will also help you perform due diligence on your partners. Security is only as strong as its weakest link.

In conjunction with our partner's Silver Subscription Plan, which includes Expresso 3.0 (Silver) (the Risk Assessment Express for HIPAA and GDPR), you get policies and procedures, model documents, training, scorecards, model contracts and more. Here's the bottom line: for under a $5000.00 Fixed Fee we can get your Moonshot compliance program up and running, enough to pass muster with the Big Boys. We have been doing this for over a decade. The Fixed Fee includes twenty-five (25) hours of attorney's fees (i.e. to guide you through the process) and the cost of our partner's Silver Subscription Plan. The counsel guiding you, as your virtual privacy/security officer, is a recognized authority in this space.

If you can find a better value proposition, then buy it. Our partner's plan provides "Enterprise Compliance for the Masses." Our entire value proposition is to grow this solution at scale. Expresso is now on version 3.0, purchased by hundreds of subscribers. Further, thousands of customers have purchased our individual products.

If you want references, we have those too.

To be clear, we are not selling penetration services, intrusion detection systems, or the technology du jour. Our firm, together with 3Lions Publishing, Inc., dots the "i's" and crosses the "t's" so that the compliance program you launch supports whatever technology you have implemented. Finally, $5000 won't get you a fully launched program; it will get you an accelerated start, making significant headway in an extremely short period of time. Compare that to the tens of thousands (or more) charged by our competitors and you begin to understand our value proposition.

Our Startup Health Moonshot engagement focuses on setting the tone and direction of your HIPAA/GDPR/Other Compliance Program, so that you meet the most requirements in the shortest period of time. Although there is an overlapping set of deliverables with our HIPAA Jumpstart program, our laser focus here is getting your Moonshot ready for prime-time vetting by the Big Boys.

What does it cover?

  1. Discuss your policies, procedures, and tracking mechanisms pertinent for all relevant Regulatory requirements (e.g. Security Rule, Privacy Rule, and Breach Notification Rule) as they pertain to compliance and/or industry best practices. These steps ensure that from a legal perspective your Organization could, at a minimum, survive a security audit by a regulatory agency. Moreover, these steps protect an Organization’s Operational Environment in a manner that preserves the Organization’s brand and good will.
    • Ensure that the Organization has a named Security Officer and a named Privacy Officer.
    • Discuss/implement Risk Management Program.
    • Discuss/perform baseline Risk Assessment using Expresso®.
    • Discuss Sanction Policy.
    • Discuss/implement tracking of Security Incidents and Plan collateral regarding same.
    • Discuss Information System logging capabilities and responsibility.
    • Discuss/implement policies and processes for workforce clearance.
    • Discuss/implement policies and processes for workforce termination.
    • Discuss/implement policies and processes for establishing access to Information.
    • Discuss/implement policies and processes for reminding your workforce of Security issues.
    • Discuss/implement policies and processes for protecting against malicious software.
    • Discuss/implement policies and processes pursuant to data backups and disaster recovery plan.
    • Discuss/implement policies and processes pursuant to the encryption of Information.
    • Discuss/implement policies and processes pursuant to authentication.
    • Discuss/implement policies and processes pursuant to the physical security of facility, plant and equipment.
    • Discuss/implement policies and processes pursuant to the destruction of Information (i.e. disposal).
    • Discuss Privacy Rule violations.
    • Discuss the Privacy Rule's Patient's Bill of Rights.
    • Discuss the Privacy Rule's Administrative Requirements.
    • Discuss/implement the Breach Notification Rule's Preparedness Requirements.
  2. Prepare for Risk Assessment by training staff and gathering the necessary information Expresso® requires to conduct a baseline Risk Assessment (this does not presuppose that it is the Organization’s baseline Risk Assessment).
    • Conduct Expresso® overview training.
    • Identify applications (where available) from which the Expresso® Security Objects table will be populated. This is the table within Expresso® that Security Controls ("Controls") are applied to. In general, the Security Objects table requires the following types of information:
      • Assets
      • Personnel
      • Applications
      • Databases
      • Networks
      • Hardware (Servers, PCs, laptops, phones, pads, etc.).
    • Create csv files (where applicable) to import into the Security Objects table.
    • Assist the client in identifying Threat/Vulnerability pairs pertinent to the Organization’s Operational Environment.
    • Assist the client in determining the business Impact (I) that would result from a Threat (T) exploiting a specific Vulnerability (V).
    • Assist the client in calculating the Risk (R) related to a specific Threat/Vulnerability pair calculated as a function of the probability that a Threat (T) will exploit a specific Vulnerability (V) times the Impact (I) to the Organization (i.e. R = T x V x I).
    • Assist the client in identifying a subset of Risks that will be attacked during this Risk Assessment (i.e. assuming resource/budget constraints do not allow for attacking ALL Risks identified).
    • Assist the client in identifying Controls that reduce identified Risks to levels that are “reasonable and appropriate”.
    • Assist the client in producing Risk Assessment reports that can be used to report to internal stakeholders (and external stakeholders if required). These reports will also “feed” the Remediation Plan.
  3. Define the Remediation Plan to actually implement the Controls that will reduce identified Risks to levels that are “reasonable and appropriate” using our Jumpstart™ Scorecards.

What does it cost?

The cost of our Fixed Fee package is $3,500.00 USD, time-boxed at fifteen (25) hours, plus the cost of our partner's Subscription Plan at either the Basic or Silver level.

What are the deliverables?

As stated above, the deliverables (in part) are: (1) the policies and procedures enumerated above, fully discussed and understood within your organization; (2) a complete and actionable Risk Assessment implemented with the assistance of Expresso®; and (3) a Remediation Plan based on our Scorecards.

Why should an organization audit their Operational Environment?

Think of it as a kind of insurance policy. It is now widely understood that a significant breach of protected Information will cause large scale financial and reputational damage to your Organization (think Target). Our Cybersecurity Audit helps you reduce identified Risks to levels that are "reasonable and appropriate" for an Organization of your size and complexity.

What parts of your Organization are reviewed?

Our Moonshot offering reviews one Profit & Loss center within your Organization.

What is not covered?

Our Moonshot program produces Remediation Plans as a subset of its deliverables. However, actual remediation can be an open-ended project whose cost is NOT included in the Fixed Fee offering.

Contact us today