Category Archives: HIPAA-HiTECH Compliance

HIPAA-HiTECH Compliance, third-party security policies, Vendor Risk Management

Healthcare Cyber Resilience: Third Party Cyber Risk Management

Posted on by David Lineman
13
Aug

As the result of several recent cyber attacks on the healthcare supply chain, the American Hospital Association (AHA) and Health Information Sharing and Analysis Center (H-ISAC) issued a joint warning for healthcare organizations to increase focus of third-party security. For organizations that are already short on resources and staff, adding Vendor Risk Management process can […]

Continue reading
HIPAA-HiTECH Compliance, Press Releases, Vendor Risk Management

Information Shield Supports New NIST-HIPAA Guidelines

Posted on by David Lineman
15
Feb

In February, the National Institute of Standards (NIST) released the updated version of agency guidance for implementing the HIPAA Security and Privacy Rule. NIST SP 800-66r2, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, is the second version and contains updated guidance on how Covered Entities can comply with HIPAA. HIPAA enforcement […]

Continue reading
HIPAA-HiTECH Compliance, third-party security policies

Security Policies Key to HIPAA BA Compliance

Posted on by David Lineman

In January the Department of Health and Human Services (HHS) released the much-awaited final updates to the HIPAA Security, Privacy and Enforcement Rules. These updates, known as the “Omnibus Rule” were required by the HITECH Act and have been in proposal form since 2010.  The new law incorporates some major changes in the HIPAA security […]

Continue reading
HIPAA-HiTECH Compliance, Information Classification Policy, PCI-DSS

Information Classification – The Link between Security and Privacy

Posted on by David Lineman
Most of the attention focused on information security today surrounds the public data breach. Almost daily we hear a new report about hundreds or thousands of records of personal information being improperly disclosed.  In fact, it is the loss of private data that drives most of the regulatory environment designed to enforce security.  GLBA, HIPAA [...]
Continue reading
HIPAA-HiTECH Compliance, third-party security policies

Managing Vendor Security Risks Under HiTECH

Posted on by David Lineman
Assessing the risk of third-party vendors has been a growing problem for compliance management.  Because of the growing number of data breaches related to third-parties, regulators have been focusing on the inherent risks of outsourcing.   Within the financial services industry, this has long been accomplished via a SAS70 (now SSAE16) type audit. Within the U.S. [...]
Continue reading