Key,Issues,HIPAA,Security,Comp computer Key Issues in HIPAA Security Compliance Management
Gone are those times when the companies and the organisations didn't need a hi-tech system to handle them. Owing to the considerable increase in the business sector and thus, an enormous increase in the complexity of the organisational struc ----------------------------------------------------------Permission is granted for the below article to forward,reprint, distribute, use for ezine, newsletter, website,offer as free bonus or part of a product for sale as longas no changes a
A 360 Degree Approach to HIPAA ComplianceAn effective approach to meeting HIPAA security compliancerequirements begins with a security management solution one thatenables real-time monitoring, compliance reporting and controlmanagement. Technology alone however, is not the answer. The best routeto compliance is a 360 degree approach that integrates existing people,processes, and policies with technology. The foundation of a compliancesolution for all healthcare organizations is an enterprise-classSecurity Information Management (SIM) solution.Seven Critical HIPAA Initiatives1. PolicyDefine a policy-driven security management program that can beincorporated early on into business processes Identify the people andtechnology controls needed to satisfy an organizations securitymission and ensure HIPAA compliance. Also, ensure that securityinitiatives are integrated into business processes at their onset,rather than after the fact.2. Security ControlsValidate security controls Provide for the monitoring and reportingof controls on human actions and decisions, process controls, andinformation technology controls.3. Risk ManagementImplement a risk management approach to information security Compriseactive monitoring of risk as defined and measured by key controlindicators (KCIs) and key risk indicators (KRIs), correlating therelative value of information assets, the threats to theconfidentiality, integrity, and availability of the assets, and thevulnerability of the systems and architecture that store and carry theassets.4. Due DiligenceDemonstrate due diligence in the application of internal controls Create a link between the security infrastructure and policy bycapturing all security events from all network hosts, devices, andassets in an auditable database.5. Incident ManagementDevelop and implement an effective security-incident management process Demonstrate that the proper steps were taken to correct systems andadjust policy if a non-compliant situation is identified.6. ReportingEnable reporting that can help demonstrate compliance Demonstrate theongoing security of compliance-related assets over a period of time,recreating the organizations security posture if needed to obtainHIPAA certification, and enabling security performance managementagainst metrics that can be leveraged for corporate governanceinitiatives.7. Preserving DataEstablish capabilities for archiving and preserving data Preservenear-term and long-term data in its purest form for forensics andevidentiary presentation. By leveraging SIM to implement effective,comprehensive policies and procedures for establishing accountabilityand consistent reporting practices, healthcare organizations cansuccessfully meet HIPAA regulatory compliance directives.Example: Security Information Management and HIPAA ComplianceWheaton Franciscan Healthcare a nonprofit healthcare organizationbased in Wheaton, Illinois needed to enhance their visibility intonetwork security and improve reporting capabilities to enable HIPAAcompliance. The organization size created enormous challenges.With 17 hospitals and more than 70 clinics in Colorado, Illinois,Iowa, and Wisconsin, the initiative involved nearly100 securitydevices, including firewalls, intrusion protection systems, virtualprivate network concentrators, and authentication services..Theorganization manually reviewed many of its security devices, thoughsome were unmanageable due to the enormous volume of event log data.Wheaton turned to a leading Security Information Management solution tobring its security initiatives under control.Wheaton was able to reduce its monitoring workload and minimizedowntime by leveraging this solution to react more quickly to threats.With improved visibility into the network and the ability to assess itsrisk posture at any given point in time, Wheaton raised security andreporting to the level required for HIPAA compliance.
Key,Issues,HIPAA,Security,Comp