You are using an UNSUPPORTED version of browser, please try to update your browser.

NYC Health + Hospitals ()
160 Water Street, Floor 13, New York, NY 10038
Mitchell Jacobs
phone: (646) 458-8661
Human Services/Client Services
Request for Proposals

PIN#038-0027A - Due: 9/14/2018 3:00 PM

NYC Health plus Hospitals is looking for a vendor to provide annual information risk analysis and security assessment services for all of its facilities, entities, units, programs, and data centers, with a focus on electronic sensitive data including but not limited to electronic Protected Health Information (“ePHI”) as defined by the implementing regulations of the Health Insurance Portability and Accountability Act (“HIPAA”) of 1996.
The requested risk analysis and security assessment services are broken down into the following seven activities:
1. HIPAA Enterprise-wide Risk Analysis (Application and ePHI Focused)
2. HIPAA Compliance Assessment, including the OCR Audit Protocol
3. Management Plan for addressing identified risks
4. Application Security - Penetration Testing
5. Infrastructure Security - Internal Penetration Testing (including server)
6. Infrastructure Security - Perimeter/DMZ Penetration Testing
7. Vendor Risk Assessment

Disclaimer: Pursuant to Section 103 (2) of the New York State General Municipal Law, New York City Charter Section 1066 and the City of New York Procurement Policy Board Rules, The City Record is the official paper of the City of New York. It is published each weekday except legal holidays. The print edition of The City Record is the official publication for the following notices: public hearings, meetings, court notices, property dispositions, procurements (solicitations and awards), agency public hearings, agency rules, and special materials which include changes in personnel. This electronic version of The City Record is offered solely for the convenience of readers.