The Cutting Edge of Medical Technology Content, Community & Collaboration
Time: December 10, 2015 from 10am to 11am
Location: Online Event
Street: NetZealous LLC, 161 Mission Falls Lane
City/Town: Fremont, CA, USA
Website or Map: http://bit.ly/1P23QCA
Phone: 1-800-385-1607
Event Type: online, healthcare, training, courses
Organized By: Netzealous -MentorHealth
Latest Activity: Nov 5, 2015
Overview: Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, all electronic protected health information (e-PHI) created, received, maintained, or transmitted by a "covered entity" or "business associate" is subject to the Security Rule. If information technology powers modern health care, then it stores or transmits almost everything an entity knows about a patient. The security and privacy of e-PHI is therefore fundamental.
The Security Rule requires entities to evaluate risks and vulnerabilities in their technology environments and to implement reasonable and appropriate security measures to protect e-PHI. The Office for Civil Rights (OCR), the body within the Department of Health and Human Services (DHHS) that enforces the Security Rule, is responsible for issuing annual guidance on its provisions. The OCR is also responsible for ensuring that covered entities comply with the intent of the Security Rule. From a compliance perspective, then, it is wise to take heed of what the OCR says.
In its first guidance, released on July 14, 2010, the OCR states: "A risk analysis is foundational, and must be understood in detail before OCR can issue meaningful guidance that specifically addresses safeguards and technologies that will best protect electronic health information."
In short, an information technology risk analysis is the security cornerstone the DHHS expects covered entities to have in place. As the OCR ratchets up its compliance activities, as it promised to do after passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act, covered entities that have not conducted an adequate.
A risk analysis performed with a risk-based approach is the foundation on which to build your information security compliance program. Without this baseline, your organization is swimming aimlessly.
The OCR goes on to stress in its Guidance on Risk Analysis: "We note that some of the content contained in this guidance is based on recommendations of the National Institute of Standards and Technology (NIST). NIST, a federal agency, publishes freely available material in the public domain, including guidelines. Although only federal agencies are required to follow guidelines set by NIST, the guidelines represent the industry standard for good business practices with respect to standards for securing e-PHI. Therefore, non-federal organizations may find their content valuable when developing and performing compliance activities."
In short, the OCR "suggests" that a covered entity might use the NIST risk-based approach (the guidance cites NIST SP 800-30) for its risk analysis. Our view is that when the OCR "suggests" something, it is very much like being told to do it: the "suggestion" is an imperative in loose wording. Of course, other sound risk frameworks exist, such as COBIT (Control Objectives for Information and Related Technologies), developed by ISACA (the Information Systems Audit and Control Association), and OCTAVE, developed by the CERT program at Carnegie Mellon University's Software Engineering Institute.
Price: $139.00
Contact Info:
MentorHealth
Phone No: 1-800-385-1607
Fax: 302-288-6884
support@mentorhealth.com
Event Link: http://bit.ly/1P23QCA
http://www.mentorhealth.com/
© 2024 Created by CC-Conrad Clyburn-MedForeSight.
Webinar: HIPAA Security Risk Analysis Software – Not all Tools are Created Equal