Information Security Policy Solution Addresses HITECH Security and Privacy Requirements

Press Releases » HITECH Act Security Solutions

Press Release

Information Security Policy Solution Addresses HITECH Security and Privacy Standards

Information Security Policy Products Address Key Areas of the new Health Information Technology for Economic and Clinical Health Act (HITECH Act).

HOUSTON, Texas – July 25, 2009 - Information Shield, a leading developer and distributor of information security policy and awareness products, today today announced their HITECH Security Solution Bundle. This new resource allows organizations responsible for protecting the nation's electronic health records to address key security policy and security awareness provisions of the newly modified cyber-security standards from the HITECH Act.

“The HIPAA security and privacy provisions are clear about the requirements to have written policies. To effectively protect electronic health records, organizations must develop a robust set of written information security and data privacy policies and also educate employees on how to use these policies,” said David Lineman, president of Information Shield. “Our information security policy and security awareness products can save organizations thousands of dollars and hundreds of man-hours maintaining a cyber-security plan based on a robust set of security policies that address the latest threats.”

The requirements to develop information security policies and provide ongoing awareness are critical components of any information security program and have been formally documented in the new HITECH standards. To help address the standard, Information Shield has bundled their two leading subscription products into a HITECH Solution Bundle. This bundle provides a discounted price for both of these leading products.

Time Saving Information Security Policy Solutions

Section 164.316 if HIPAA (Policies and Procedures and documentation Requirements) sets forth the requirements for written security policies, including the need for regular review and update of policy (HIPAA: Policy Documentation 164.316 (b)).

The new PolicyShield Security Policy Subscription Service contains everything an organization needs to build and maintain a complete set of written information security policies, including:

A comprehensive library of over 1700 pre-written information security policies and expert commentary covering each of the security areas identified HIPAA Final Security standard, including:
o Workforce Security, Third Party Security, Access Controls, Contingency Planning, Facility Security, Workstation Security, and many others.
Quarterly security policy updates in response to the latest technologies, incidents and regulatory changes.
A complete policy-development tutorial based on the 25 year consulting experience of author Charles Cresson Wood, CISSP, CISM, CISA.
30+ completely pre-written sample policy documents that every organization should have, covering essential topics such as email, network security, firewalls, data classification, internet use, telecommuting, and many others.
Time-saving policy development resources to help your organization get policies developed, approved and implemented quickly.

PolicyShield is based on the “gold standard” policy resource Information Security Policies Made Easy by Charles Cresson Wood, CISSP, CISM, CISA used by more than 7000 customers in 59 different countries. The security policies within PolicyShield come in HTML, PDF and MS-Word format for easy customization, and include an organization-wide license to republish the material inside one organization. Organizations can request free sample policies at www.informationshield.com.

Ongoing Security Awareness Requirements

Section 164.308(a)(5) of HIPAA requires Security Awareness and Training. The requirement specifies that organizations must provide regular, ongoing security awareness education to all employees and contractors with access to electronic health information.

Protecting Information is a new quarterly security and privacy awareness newsletter designed for this exact requirement. Protecting Information is edited by data privacy and security expert Rebecca Herold, CISSP, CISM and goes well beyond traditional newsletters, providing audio files and interactive exercises to engage personnel and help them truly understand security and privacy concepts.

Protecting Information enables organization to save time and money educating employees on the latest threats to sensitive information and is a cost-effective way to demonstrate compliance with the cyber-security standards for security awareness education.

Effectively educate employees on information security and privacy principles using real-world examples relevant to all personnel and their families.
Ensure that your message reaches the most people by using a variety of learning styles and formats
Enhance existing education and awareness programs by easily integrating your own branding and messages.
Establish metrics to verify the effectiveness of your awareness efforts
Receive relevant and timely best-practices from a leading data security and privacy expert.
Provide a cost-effective method for ensuring compliance with state, federal and international privacy, data protection and security laws, regulations and standards

Protecting Information is published four times a year and each issue of features information security and data privacy topics that impact employees both within and outside the workplace. Topics such as social-networking, social engineering, mobile computing, e-mail and safe data handling are covered using real-world examples from today’s headlines. Each issue is published in MS-Word and PDF formats and can be customized easily with the organization’s logo and content.

As an additional bonus, each issue includes a companion subscription to Awareness Advisor, a special newsletter containing practical, time-saving advice for security and privacy practitioners written by security, privacy and education expert Rebecca Herold. Organizations can receive a free evaluation version of Protecting Information at www.informationshield.com.

About Information Shield, Inc.

Information Shield is a global provider of information security, data privacy and security awareness products with over 7000 customers in 60 different countries. Headquartered in Houston, Texas, Information Shield's library of publications allow organizations to effectively build policy-based security and privacy programs that focus on compliance with international regulations. For more information, please visit www.informationshield.com or email us at sales@informationshield.com.