Key Issues in HIPAA Security Compliance Management
Wednesday, November 25, 2009 at 03:18PM
A 360 Degree Approach to HIPAA Compliance
An effective approach to meeting HIPAA security compliance requirements begins with a security management solution - one that enables real-time monitoring, compliance reporting and control management. Technology alone, however, is not the answer. The best route to compliance is a 360 degree approach that integrates existing people, processes, and policies with technology. The foundation of a compliance solution for any healthcare organization is an enterprise-class Security Information Management (SIM) solution.
Seven Critical HIPAA Initiatives
1. Policy
Define a policy-driven security management program that can be incorporated early on into business processes - Identify the people and technology controls needed to satisfy an organization's security mission and ensure HIPAA compliance. Also, ensure that security initiatives are integrated into business processes at their onset, rather than after the fact.
2. Security Controls
Validate security controls - Provide for the monitoring and reporting of controls on human actions and decisions, process controls, and information technology controls.
3. Risk Management
Implement a risk management approach to information security - This comprises active monitoring of risk as defined and measured by key control indicators (KCIs) and key risk indicators (KRIs). It correlates the relative value of information assets, the threats to the confidentiality, integrity, and availability of those assets, and the vulnerability of the systems and architecture that store and carry them.
4. Due Diligence
Demonstrate due diligence in the application of internal controls - Create a link between the security infrastructure and policy by capturing all security events from all network hosts, devices, and assets in an auditable database.
5. Incident Management
Develop and implement an effective security-incident management process - Demonstrate that the proper steps were taken to correct systems and adjust policy if a non-compliant situation is identified.
6. Reporting
Enable reporting that can help demonstrate compliance - Demonstrate the ongoing security of compliance-related assets over a period of time, recreating the organization's security posture if needed to obtain HIPAA certification, and enabling security performance management against metrics that can be leveraged for corporate governance initiatives.
7. Preserving Data
Establish capabilities for archiving and preserving data - Preserve near-term and long-term data in its purest form for forensics and evidentiary presentation. By leveraging SIM to implement effective, comprehensive policies and procedures for establishing accountability and consistent reporting practices, healthcare organizations can successfully meet HIPAA regulatory compliance directives.
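Items 4 and 7 both depend on event data that can be shown, after the fact, to be exactly what was captured. The block below is an added example, not code from the article or from netForensics, of the minimal mechanism behind an "auditable" archive: each stored event is bound to a SHA-256 hash that also covers the previous record's hash, so any later edit, deletion or reordering breaks the chain and is detected on verification. The events, host names and the all-zero genesis anchor are constructed for illustration.

```python
"""
Added example: a tamper-evident, append-only event archive (hash chain).
Not from the article; sample events, host names and GENESIS are constructed.
"""
import copy
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first record (assumed convention)


def canonical(event: dict) -> str:
    """Deterministic serialisation so an event always hashes the same way."""
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def link_hash(prev_hash: str, event: dict) -> str:
    """Hash that binds this event to everything archived before it."""
    return hashlib.sha256((prev_hash + canonical(event)).encode()).hexdigest()


class AuditArchive:
    """Append-only list of {event, hash} records chained by hash."""

    def __init__(self) -> None:
        self.entries: list[dict] = []

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        stored = copy.deepcopy(event)  # archive keeps its own copy
        h = link_hash(prev, stored)
        self.entries.append({"event": stored, "hash": h})
        return h

    def verify(self) -> tuple[bool, int]:
        """Recompute the chain; return (ok, index of first bad record or -1)."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if link_hash(prev, entry["event"]) != entry["hash"]:
                return False, i
            prev = entry["hash"]
        return True, -1


# Constructed sample events in the spirit of firewall / VPN / IDS feeds.
SAMPLE_EVENTS = [
    {"ts": "2009-11-25T15:18:00Z", "host": "fw-01", "type": "deny",
     "src": "10.0.0.5", "dst": "10.0.1.9", "port": 445},
    {"ts": "2009-11-25T15:18:02Z", "host": "vpn-01", "type": "auth_fail",
     "user": "jdoe"},
    {"ts": "2009-11-25T15:18:05Z", "host": "ids-02", "type": "alert",
     "sig": "constructed-signature-name"},
]


def build_archive(events=SAMPLE_EVENTS) -> AuditArchive:
    archive = AuditArchive()
    for e in events:
        archive.append(e)
    return archive


def demo_tamper() -> tuple[bool, int]:
    """Alter the second record after archiving; verify() must flag index 1."""
    archive = build_archive()
    archive.entries[1]["event"]["user"] = "admin"  # unauthorised edit
    return archive.verify()


def demo_deletion() -> tuple[bool, int]:
    """Drop the second record; the third no longer links to its predecessor."""
    archive = build_archive()
    del archive.entries[1]
    return archive.verify()


if __name__ == "__main__":
    print(build_archive().verify())  # (True, -1)
    print(demo_tamper())             # (False, 1)
    print(demo_deletion())           # (False, 1)
```

In practice the last hash of each day or batch is written out to separate, write-once storage so the chain itself cannot be silently rebuilt; the verifier then compares the recomputed tail against that anchor.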
Example: Security Information Management and HIPAA Compliance
Wheaton Franciscan Healthcare, a nonprofit healthcare organization based in Wheaton, Illinois, needed to enhance its visibility into network security and improve reporting capabilities to enable HIPAA compliance. The organization's size created enormous challenges.
With 17 hospitals and more than 70 clinics in Colorado, Illinois, Iowa, and Wisconsin, the initiative involved nearly 100 security devices, including firewalls, intrusion protection systems, virtual private network concentrators, and authentication services. The organization manually reviewed many of its security devices, though some were unmanageable due to the enormous volume of event log data. Wheaton turned to a leading Security Information Management solution to bring its security initiatives under control.
Wheaton was able to reduce its monitoring workload and minimize downtime by leveraging this solution to react more quickly to threats. With improved visibility into the network and the ability to assess its risk posture at any given point in time, Wheaton raised security and reporting to the level required for HIPAA compliance.
Katherine Janiszewski plays a crucial role as Marketing Manager of netForensics. Founded in 1999, netForensics is based on a culture of excellence and innovation. Their team of leading experts understands the ever-evolving security threat and compliance needs of today's organizations, including HIPAA Compliance. For more information, visit netForensics.com.
Article Source: http://EzineArticles.com/?expert=Katherine_Janiszewski