Joshua Carlson P.A. Practice Areas

Data Security, Privacy and Compliance Program Services with a Legal Eye
1. Outside Counsel Services/Management Consulting:  Responsive, attentive, knowledgeable, experienced data security, data privacy and compliance program services.  Mr. Carlson understands the need to be available and to provide the business timely solutions.  He does so efficiently while allowing his clients to focus on growing and leveraging their businesses and business lines.  Mr. Carlson goes wherever his clients need him to manage, handle, advise and organize data privacy and security matters.
2.  Policies and Documentation Services: Develop and deliver any and all necessary industry or compliance related policy and procedure services for companies of all industries.
3.  Data Privacy & Security Risk Review:  Perform pre-audit review work, onsite audit liaison services during audits, post audit gap response work.
4.  GDPR Compliance Advisory Services:  Review any and all international applicable data feeds and contracts related to EU/EEA international data transfers, as data controllers or as data processors.  Work with regulators and countries or clients to make sure all issues are addressed.
5.  Audits: PCI, Vendor, Bank, and Government Audit Liaison Services: I provide expert delivery of policies, procedures and overall program guidance services on compliance to make sure companies stay in good standing with their clients and regulators.
6.  Risk Assessments:  Perform risk assessments, gap assessments, broad or narrow in scope for PCI, ISO, HIPAA, Safe Harbor, GLBA, FISMA and others.
7.  Vendor Risk Assessments Services:  Perform, review, conduct vendor assessments and audits, perform BA assessments, subcontractor assessments, breach assessments, contract review assessments, vendor due diligence.
8.  Vendor Response Services:  Provide up-stream vendor audit responses for companies that are receiving them, remediate gaps and manage the responses.
Remediate any gaps from other audits or reports and help coordinate with all parties so  all are pleased with status  of audit gaps and progress towards completion.
9.  Comfortable Compliance On-Going Compliance Service: For a monthly fee, I can provide some, or all of the services above on an ongoing basis so there is no worry about finding a company each time something happens.
10.  Privacy and Security Program Development and Operationalization:  Provide experienced and solutions oriented work for privacy and security organizational programs.
Data privacy, data security and compliance programs for: NIST, FISMA, PCI, SOX, HIPAA, HITECH, FEDRAMP, ISO, Safe Harbor, Energy sector & critical infrastructure cyber security framework.  



HIPAA Final Rule - Has your Organization Completed its Required Risk Analysis Yet?


The HIPAA Final rule is here, and with it come great and vast changes and requirements to your organization related to compliance; including required risk analysis, increased BA and subcontractor liability, new breach analysis and reporting requirements, increased access requirements and increased oversight of all entities that handle e-PHI.


Any entity that sends, receives processes or transmits e-PHI in your organization, or on your organizations behalf (BAs and subcontractors included) must perform a risk analysis which captures all areas of data flow related to e-PHI and which measures the risks associated with such data flow.


 The OCR has stated that a thorough and comprehensive Risk Analysis is the very first, and required, step in any proper compliance program with HIPAA.


Carlson P.A. specializes in healthcare compliance with HIPAA, including risk analysis, breach analysis, data mapping, data tracking, BA reviews, vendor reviews, partner agreement reviews, data security and data privacy contractual Implication reviews, cloud and mobile reviews, policy reviews, IT policy reviews.


Carlson P.A. also provides HIPAA compliance audit services that will prepare your organization for what is required today and into the future.


Mr. Carlson also advises companies, and consumers, in the areas of data privacy and data security so the consumers can help deter identify theft and companies can avoid problems with compliance and consumer actions for breach and other unintended disclosures.

Photo gallery: A look at our legal practice