hipaa security policies Archives

HIPAA-HiTECH Compliance, third-party security policies

Security Policies Key to HIPAA BA Compliance

Posted on January 29, 2013 by David Lineman

In January the Department of Health and Human Services (HHS) released the much-awaited final updates to the HIPAA Security, Privacy and Enforcement Rules. These updates, known as the “Omnibus Rule” were required by the HITECH Act and have been in proposal form since 2010. The new law incorporates some major changes in the HIPAA security […]

Continue reading →

HIPAA-HiTECH Compliance, third-party security policies

Managing Vendor Security Risks Under HiTECH

Posted on March 28, 2012September 27, 2022 by David Lineman

Assessing the risk of third-party vendors has been a growing problem for compliance management. Because of the growing number of data breaches related to third-parties, regulators have been focusing on the inherent risks of outsourcing. Within the financial services industry, this has long been accomplished via a SAS70 (now SSAE16) type audit. Within the U.S. [...]

Continue reading →

Regulatory Compliance, Security Policy FAQ

Aren’t information security policies only for large organizations?

Posted on January 27, 2011 by David Lineman

Regardless of an organization’s size, industry, geographical location, or the extent to which it uses computers; information security is an important matter that should be addressed by explicit policies. Some experts say that the lack of a well-defined corporate information security policy is the single biggest problem with most security efforts. Major data protection laws […]

Continue reading →

Login

Register