Free Articles, Free Web Content, Reprint Articles
Thursday, September 21, 2017
 
Free Articles, Free Web Content, Reprint ArticlesRegisterAll CategoriesTop AuthorsSubmit Article (Article Submission)ContactSubscribe Free Articles, Free Web Content, Reprint Articles
 

Key Issues in HIPAA Security Compliance Management

A 360 Degree Approach to HIPAA Compliance An effective approach to meeting HIPAA security compliance requirements begins with a security management solution – one that enables real-time monitoring,...

A 360 Degree Approach to HIPAA Compliance

An effective approach to meeting HIPAA security compliance requirements begins with a security management solution – one that enables real-time monitoring, compliance reporting and control management. Technology alone however, is not the answer. The best route to compliance is a 360 degree approach that integrates existing people, processes, and policies with technology. The foundation of a compliance solution for all healthcare organizations is an enterprise-class Security Information Management (SIM) solution.

Seven Critical HIPAA Initiatives

1. Policy
Define a policy-driven security management program that can be incorporated early on into business processes – Identify the people and technology controls needed to satisfy an organization’s security mission and ensure HIPAA compliance. Also, ensure that security initiatives are integrated into business processes at their onset, rather than after the fact.

2. Security Controls
Validate security controls – Provide for the monitoring and reporting of controls on human actions and decisions, process controls, and information technology controls.

3. Risk Management
Implement a risk management approach to information security – Comprise active monitoring of risk as defined and measured by key control indicators (KCIs) and key risk indicators (KRIs), correlating the relative value of information assets, the threats to the confidentiality, integrity, and availability of the assets, and the vulnerability of the systems and architecture that store and carry the assets.

4. Due Diligence
Demonstrate due diligence in the application of internal controls – Create a link between the security infrastructure and policy by capturing all security events from all network hosts, devices, and assets in an auditable database.

5. Incident Management
Develop and implement an effective security-incident management process – Demonstrate that the proper steps were taken to correct systems and adjust policy if a non-compliant situation is identified.

6. Reporting
Enable reporting that can help demonstrate compliance – Demonstrate the ongoing security of compliance-related assets over a period of time, recreating the organization’s security posture if needed to obtain HIPAA certification, and enabling security performance management against metrics that can be leveraged for corporate governance initiatives.

7. Preserving Data
Establish capabilities for archiving and preserving data – Preserve near-term and long-term data in its purest form for forensics and evidentiary presentation. By leveraging SIM to implement effective, comprehensive policies and procedures for establishing accountability and consistent reporting practices, healthcare organizations can successfully meet HIPAA regulatory compliance directives.

Example: Security Information Management and HIPAA Compliance

Wheaton Franciscan Healthcare a nonprofit healthcare organization based in Wheaton, Illinois needed to enhance their visibility into network security and improve reporting capabilities to enable HIPAA compliance. The organization size created enormous challenges.

With 17 hospitals and more than 70 clinics in Colorado, Illinois, Iowa, and Wisconsin, the initiative involved nearly100 security devices, including firewalls, intrusion protection systems, virtual private network concentrators, and authentication services..The organization manually reviewed many of its security devices, though some were unmanageable due to the enormous volume of event log data. Wheaton turned to a leading Security Information Management solution to bring its security initiatives under control.

Wheaton was able to reduce its monitoring workload and minimize downtime by leveraging this solution to react more quickly to threats. With improved visibility into the network and the ability to assess its risk posture at any given point in timeComputer Technology Articles, Wheaton raised security and reporting to the level required for HIPAA compliance.

Source: Free Articles from ArticlesFactory.com

ABOUT THE AUTHOR


Katherine Janiszewski plays a crucial role as Marketing Manager of netForensics. Founded in 1999, netForensics is based on a culture of excellence and innovation. Their team of leading experts understands the ever-evolving security threat and compliance needs of today’s organizations, including HIPAA Compliance. For more information, visit netForensics.com.



Health
Business
Finance
Travel
Technology
Home Repair
Computers
Marketing
Autos
Family
Entertainment
Education
Law
Communication
Other
Sports
ECommerce
Home Business
Self Help
Internet
Partners


Page loaded in 0.087 seconds