http://healthitsecurity.com/2014/06/17/taking-time-to-build-out-a-strong-health-it-security-program/
By Patrick Ouellette
Health IT Security
June 17, 2014
Department of Health and Human Services (HHS) Chief Regional Civil Rights
Counsel Jerome Meites recently predicted that there would be a
considerable uptick in HHS data breach penalties within the next year,
according to thehill.com.
“Knowing what’s in the pipeline, I suspect that that number will be low
compared to what’s coming up,” Meites said, adding that he wasn’t speaking
on behalf of HHS. Meites’ comments should be the latest reminder to
healthcare organizations that they should be prepared with transparent
security programs in the face of upcoming HIPAA audits.
Anahi Santiago, Chief Information Security Officer (CISO) and Privacy
Officer at Einstein Healthcare Network, explained to HealthITSecurity.com
how much of the work that she did years ago within her organization has
helped keep it equipped for a potential federal visit. In building her
security program over her 9 ½ years at Einstein, Santiago said she has
used pieces of a variety of different security frameworks as reference
points. She sees all of the frameworks crossing paths and having
similarities, so having a mix of the different frameworks makes the most
sense.
“We started with the NIST framework and weren’t overly prescriptive with
it; we used it as a baseline and have taken some pieces from COBIT and
ISO, and we’ve certainly started to lean toward utilizing HITRUST. I
would love, at some point, to transition the organization fully to
HITRUST. But we recognize that no one framework is a good fit for the
organization; especially in healthcare you recognize that no one
framework will be a one-size-fits-all.”
[...]