Information Security News mailing list archives

Taking time to build out a strong health IT security program


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 19 Jun 2014 06:56:02 +0000 (UTC)

http://healthitsecurity.com/2014/06/17/taking-time-to-build-out-a-strong-health-it-security-program/

By Patrick Ouellette
Health IT Security
June 17, 2014

Department of Health and Human Services (HHS) Chief Regional Civil Rights Counsel Jerome Meites recently predicted that there would be a considerable uptick in HHS data breach penalties within the next year, according to thehill.com.

“Knowing what’s in the pipeline, I suspect that that number will be low compared to what’s coming up,” Meites said, adding that he wasn’t speaking on behalf of HHS. Meites’ comments should be the latest reminder to healthcare organizations that they should be prepared with transparent security programs in the face of upcoming HIPAA audits.

Anahi Santiago, Chief Information Security Officer (CISO) and Privacy Officer at Einstein Healthcare Network, explained to HealthITSecurity.com how much of the work that she did years ago within her organization has helped keep it equipped for a potential federal visit. In building her security program over her 9 ½ years at Einstein, Santiago said she has used pieces of a variety of different security frameworks as reference points. She sees all of the frameworks crossing paths and having similarities, so having a mix of the different frameworks makes the most sense.

 We started with the NIST framework and weren’t overly-prescriptive with
 it; we used it as a baseline and have taken some pieces from COBIT and
 ISO, and we’ve certainly started to lean toward utilizing HITRUST. I
 would love, at some point, to transition the organization fully to
 HITRUST. But we recognize that no one framework is a good fit for the
 organization; especially in healthcare you recognize that no one
 framework will be a one-size-fits-all.

[...]
