These government regulatory bodies guide and govern the behavior of public and private organizations.
Federal Trade Commission - The Federal Trade Commission (FTC) is directed to administer a wide variety of consumer protection laws.
Government Accountability Office - The Government Accountability Office (GAO), the investigative arm of Congress, conducts agency IT management and security audits.
Health and Human Services - The U.S. Department of Health and Human Services (HHS) oversees Medicare and Medicaid; enforces rules on healthcare data privacy and security.
Office of Civil Rights - The Office of Civil Rights, a unit of the U.S. Department of Health and Human Services, enforces the HIPAA privacy and security regulations.
Business Continuity/Disaster Recovery refers to strategies to prepare for and survive disruptions from man-made and natural disasters.
News and insights on key U.S. regulatory issues that influence information security management.
ARRA/HITECH - The American Recovery and Reinvestment Act includes a HITECH section that spells out tougher healthcare privacy and security regulations.
HIPAA - The Health Insurance Portability and Accountability Act of 1996 includes healthcare privacy and security provisions. Rules to carry out the mandates are regularly updated.
Ensuring the privacy and security of clinical information, including electronic health records and personal health records.
Fraud, a "crime of persuasion," involves efforts to knowingly execute, or attempt to execute, a plan to defraud an organization.
First Party - When individuals offer deceptive information about themselves to receive a loan or credit they have no ability or intention to repay.
Mortgage - Includes first- and third-party crimes involving mortgage loans.
Payments - Crimes against payments processors are on the rise. Medical payments fraud is also a huge threat.
Common processes and industry standards employed to assure best practices in securing information systems and assuring privacy.
COBIT - IT governance schema and toolset that lets managers bridge the gap among control requirements, technical issues and risks.
COSO - The Committee of Sponsoring Organizations of the Treadway Commission is dedicated to improving the quality of financial reporting.
ISO - The International Organization for Standardization is a network of the national standards institutes of some 157 countries.
ITGI - The IT Governance Institute was established in recognition of the crucial role of information technology in the success of an enterprise.
ITIL - The Information Technology Infrastructure Library is a set of concepts for managing IT infrastructure, development, and operations.
Strategies for securing local, regional and national networks that enable organizations to exchange personal healthcare information.
The use of genomic and molecular data, combined with electronic health records, to tailor treatment to an individual's needs. This field raises significant privacy and security issues.
Physical information security concerns the protection of data from non-electronic means such as physical attacks or thefts.
Biometrics - In security, biometrics refers to use of technology to recognize and authenticate specific human characteristics, including fingerprints and retinal scans. It is an emerging technology in physical security today.
Policies, procedures and technologies aimed at safeguarding personally identifiable information on information systems and networks.
Risk Management is the process of measuring or assessing risk and developing strategies to manage it.
HR - Human Resource issues such as hiring, termination and background checks relative to risk management.
Incident Response - The formal reaction to a security breach, i.e. a physical or electronic hack. Includes forensics, eDiscovery and other tactics necessary in the wake of a security breach.
IT Audit - The process of collecting and evaluating evidence of an IT organization's assets, practices and operations to ensure policy/regulatory compliance.
Risk Assessment - Risk assessment measures the magnitude of potential loss and the probability that loss will occur.
Social Engineering - Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most (but not all) cases the attacker never comes face-to-face with the victim.
Vendor Management - Ensuring that service providers adhere to the same information security standards by which your institution abides.
Assessing the role of chief security officers and others involved in ensuring the security and privacy of healthcare information in all settings.
Evolving technologies must be implemented in a secure manner for projects to succeed.
Application Security - Application security involves safeguarding programs in their development, implementation and operation.
Authentication - Ensuring that systems are accessed only by properly authorized individuals.
Cloud Computing - Cloud computing allows access to applications and data over the Internet.
Data Loss - Tools to prevent loss of critical data in an information systems disaster.
Encryption - Encryption is the process of obscuring information to make it unreadable without special technologies.
Endpoint Security - Endpoint security is an information security concept in which each device (endpoint) is responsible for its own security.
ID & Access Management - Tools to ensure that systems and networks are open only to the right people at the right times.
Messaging - E-mail, instant and text-messaging and other forms of electronic communications that are highly vulnerable to attack.
Mobile & Wireless - Tools and processes to enable secure mobile and wireless computing, especially over the Internet.
Network & Perimeter - Network is the IT system needed to conduct business. Perimeter is the border between an organization and other networks.
SIM & SEM - Security Information Management and Security Event Management tools.
Social Media - Facebook, LinkedIn and Twitter are now part of our professional lives. What are the risks?
Storage - Systems to store and preserve critical business information in a secure environment.
Unified Threat Management - Unified threat management is used to describe network firewalls that have many features in one box, including e-mail spam filtering, anti-virus capability, an intrusion detection or prevention system, and World Wide Web content filtering, along with the traditional activities of a firewall.
Virtualization - Partitioning the computer's memory into separate and isolated virtual machines simulates multiple machines within one physical computer. Application virtualization refers to several techniques that make running applications more protected, more flexible or easier to manage.
Web Security - Technologies and processes aimed at protecting Internet accounts and files from intrusion by unknown users.
Enabling the secure use of teleradiology, teleconferencing and other telehealth applications, which enable access to healthcare information over the Internet or other networks.
Features for enhancing your own information security education, as well as for improving awareness among employees and customers.