Risk Management for Healthcare

CEBA, from Cyber Trust Alliance, is an easy-to-use yet comprehensive tool created for the assessment, documentation and management of overall risk, as well as compliance with the HIPAA Security, Privacy and Breach Notification Rules.

CEBA organizes all of your compliance data into a dashboard, allowing you to quickly understand and communicate your current compliance status, areas for improvement and remediation progress at a glance.

The CEBA Executive Health Score is a summary of 11 key performance criteria that align to the Office of Civil Rights and NIST protocols to ensure you are compliant with critical security and privacy regulatory requirements.


The CEBA Risk Management Process

  1. CEBA provides a simple step-by-step method for reviewing your policies, procedures and environment against HIPAA standards

  2. CEBA identifies areas which are out of compliance with HIPAA and then helps you address these gaps

  3. CEBA provides a real-time overview and scoring of your progress, making it easy to understand where you are and where you need to go

  4. Your staff needs to be trained. CEBA tracks training status for all Workforce Members and reminds you when it's time to re-train

  5. CEBA makes the entire Risk Management process interactive and allows you to build on your compliance efforts with real-time feedback and support


Business Associates

Any third party that has access to your ePHI is considered a Business Associate under the HIPAA Security Rule. The Rule requires Covered Entities to maintain Business Associate Contracts with each Business Associate. While these agreements can go a long way towards protecting your patient data as well as your business, you still share in the responsibility should there be a breach. With this in mind, CEBA helps you better manage your Business Associate relationships by:

• Creating a live link between you and each of your Business Associates (free to BA)
• Storing your individual BAAs and providing reminders when it is time to update

In addition to these benefits, if your business associates also join CEBA, you will be able to review their compliance efforts and monitor their CEBA Executive Health Score, which will be a great help to you in doing your required due diligence. CEBA also offers discounts to Covered Entities who maintain relationships with at least 5 CEBA business associate accounts.

Additional Services

While CEBA streamlines the risk management process, there's more that goes into properly securing your ePHI and maintaining HIPAA compliance. With this in mind, we can also assist you with these additional services...

Comprehensive Risk Assessment

Per the HIPAA Security Rule, you are required to conduct an accurate and thorough assessment of potential risks and vulnerabilities related to the ePHI you hold. While CEBA is the perfect tool to manage and store your compliance documentation, it needs to be evaluated by a competent 3rd party on a regular basis to best ensure compliance.

Virtual Compliance Manager

You are required to have a named person as your security, privacy, and compliance officer. We can be that person for you, reviewing the information you supply to CEBA and then providing advice for required remediation items. We'll also monitor your CEBA status on an ongoing basis and make you aware of any significant changes to compliance rules.

Breach Response

Do you know what you would do in the event of a breach? Do you know how to respond to an audit request from the Government? Our Breach Response team will act as a liaison between you and your team, your vendors, and the Government. We will use CEBA to help prepare your audit response, and also assist you in creating a mitigation plan.

Vulnerability Scanning/"Pen" Testing

You may assume that your network systems are secure. But can you document it? Our approach begins by scanning your external network to identify any potential vulnerabilities. We can also scan your internal network, servers, and workstations for weaknesses. Once these scans are completed, we will upload the results into your CEBA account and you can then move forward with any remediation plans or penetration testing.

HIPAA Compliance Enforcement Data

Did you know...

Over 2000 HIPAA complaints are received by OCR every month

Over 11 million patients were affected by breaches in the last year

Over $25 million in fines have been assessed in 2018


CEBA offers you several different packages from do-it-yourself to full support from our compliance experts.
The choice is yours!


• CEBA guides you through a simple yet comprehensive process
• You provide evidence of compliance
• CEBA provides real-time feedback on your compliance
• CEBA becomes your central location for all compliance documentation
From $79 per month!

Assisted Assessment

All the features of the "Self-Assessment" plan, plus CTA experts...

• Provide 3rd party evaluation of your evidence for due diligence
• Offer vulnerability and phishing risk assessments
• Offer site assessments
Contact us for pricing!

Full-Service Assessment

CTA experts...

• Interview your staff
• Gather assessment data
• Review and analyze data

...and provide the following comprehensive reports within CEBA...

• Executive Summary
• Policy and Procedure Gap Analysis
• External and Internal Server and Workstation Vulnerability Assessment
• Phishing Assessment
• Network Assessment and Site Survey
• Applications Review

...and review and present all findings and recommendations with key stakeholders.
Contact us for pricing!


Questions? We'd love to hear from you!


8217 Shoal Creek Blvd
Suite 104A
Austin, TX 78757


(512) 498-1000