top of page

Quickly bolster your security program by engaging with a partner that exclusively serves the information security needs of the healthcare industry.  Our seasoned, certified professionals are highly accomplished at building security programs, assessing compliance, and managing risk. 

Protect your organization.

Protect your sensitive data.

Security Program Services

HIPAA Security Risk Assessment

Security Risk Analysis that meets requirements for HIPAA, HITECH, Meaningful Use, and OCR Audit Protocol.  Detailed analysis of physical, administrative, and technical controls presented in a format that is objective, comprehensive, and actionable.

Social Engineering

Test and educate the greatest threat to cybersecurity – the human being. Phishing and vishing campaigns designed to meet specific customer needs; focused surveys to identify causal factors in falling prey to these attacks.

Tabletop Exercises

Put your incident response capabilities to the test with realistic scenarios tailored to your organization. 

Business Impact Analysis

Identify maximum tolerable downtimes, resource requirements, system dependencies, and data flows through in-depth discovery with Business and IT Owners of each system.  Validate assumptions inherent in Business Continuity, Disaster Recovery, and Backup Plans.  Performed per NIST SP 800-34 and DRII standards.

Security Training

Custom training content development and training delivery by consultants with years of industry presentation and college-level curriculum development experience.  Focused training for general staff, executives, and those with elevated privileges. 

Security Program Strategic Planning

Facilitated planning sessions to identify security initiatives and priorities for 18 and 24-month horizons.   

Security Program Services

HITRUST Management Services

CSF Logo.png
CSF Adoption

Ready to adopt HITRUST?  Don't build an airplane as you're flying it, engage experts to help get your program off the ground or align your mature program to the industry standard. 


The first step on the journey to certification is defining the scope boundaries and meaningfully adopting the HITRUST CSF. All too often an organization is given templates and rushed into the assessment phase.  That approach forgoes the most important part of the HITRUST Assurance Program - the aligning of your program to the CSF. 


With experience that comes only after years of building security programs, Latitude is the partner you can trust to build the assessment-ready security program your organization deserves. 


Contractual requirement for certification?  Ready for a Validated Assessment? Want to avoid assessment fatigue?   Getting started can be a challenge...

Having served on the HITRUST Alliance Assessor Council and with experience performing  countless HITRUST assessments - no one is better qualified to be an advocate and advisor to your healthcare organization than our CCSFP-credentialed consultants.  

Our HITRUST Assessment Management service augments your team with experienced assessment staff to guide you through the entire adoption, certification, and maintenance life-cycle.  Don't take your focus off security to coordinate an assessment - let us manage your assessment effort for you.

Corrective Action Plan

Just wrapped up an assessment?  Certified with CAPs?

HITRUST certification is a huge milestone for your program and while it certainly represents a strong foundation, no organization is entirely without risk.  Partner with Latitude to seek expert advice on the creation of Corrective Action Plans (CAPs) and then let us coordinate their completion.  

v Logo.png
Version Refresh

Want to minimize effort with a re-certification effort? Keep your program current by adopting the newest CSF version PRIOR to your assessment.

The last thing Latitude would advise is postponing the adoption until the assessment.  Building a program is more than just adding some more template language to a document before the testing begins.  New and changing requirements demand the careful evaluation of controls and practices; and when needed, remediation.  Don't wait until the last minute - ask us about refreshing your program to address the latest and greatest long before the assessment.

HITRUST Program Mgmt


It seems a long journey from ensuring the security and combat readiness of a nuclear weapon system to the protection of healthcare data, but that’s the path that gave rise to Latitude Information Security.  Our foundation is rooted in discipline that enables a strategic weapon system to remain on alert for over 40 continuous years without significant incident. It's the vigilance in adhering to simple but rigid and overlapping security controls – the hallmark of “defense in depth.”  That journey eventually led to our founders first working together as First Responders, directly responsible for the care and well-being of patients.  Merged with extensive civilian experience  and leadership in Healthcare IT and Security, Latitude brings a vigilance to security programs, a deep knowledge of healthcare, and a passion for protecting both the patient and the organization that is unique.  Put plainly...service is in our DNA.

As prior members of the HITRUST Alliance Assessor Council, and with extensive experience advancing programs and evaluating against NIST, ISO, and other security standards, Latitude’s founders understand the benefit of adopting and adhering to a security framework but also appreciate from first-hand experience the challenges faced by organizations in effectively completing such a complex endeavor amid competing initiatives.  Latitude addresses this challenge by working as a part of our clients’ security and compliance teams, effectively managing security initiatives, advancing risk management tasks, and taking the heavy lifting off our clients’ shoulders.

The Pareto Principle does not apply here; it states that 20% of the workers produce 80% of the results.  At Latitude, 100% of the team produces 100% of the results.  It’s born from our roots in the military and emergency services, where complete commitment to the mission is demanded.  Expect integrity in preparation and excellence in execution.  Expect targeted solutions that are informed by your unique organization and risks.  Expect detailed reports with a clearly defined path to effective risk mitigation.


That’s our Ethos.  And we’re proud of it.  

Mark Ferrari

Principal   |   Learn More

Mark Headshot_edited.jpg

Mark Ferrari is a graduate of Villanova University and former military officer with over 20 years of healthcare, security, and compliance experience. Mark holds the PMP, CISSP, CCSFP, and HCISPP credentials and served on the HITRUST Assessor Council in 2018-2019.

Keith Kenna

Principal   |   Learn More

Keith Headshot.jpg

Keith Kenna is a graduate of West Chester University and brings 15 years healthcare, security, and compliance experience.  Keith’s project management experience includes clinical, IT, and information security efforts.  Keith holds the PMP and HCISPP credentials, is an active HITRUST Certified CSF Practitioner, and recently served on the HITRUST Assessor Council (2018-19).


West Chester Street.png
West Chester Clock.png

Email & Phone

(484) 356 - 8756


18 N Church St  |  Suite 3

West Chester, PA 19380

LAT 39.959200

LON -75.606030

  • Grey LinkedIn Icon
  • Grey Twitter Icon

Reach out

Thanks for reaching out - we'll be in touch shortly!

bottom of page