Health IT and Electronic Health

Pabrai on HIPAA/HITECH Compliance:

June, 2010

June 25, 2010  11:53 AM

Learning from PCI Access Control Mandate

Posted by: Pabrai

The objective of PCI DSS Requirements 7, 8, and 9 is for organizations to implement strong access control measures. Just about all regulations - the HIPAA Security Rule and FISMA included, and PCI DSS is no exception - emphasize the area of access control. As you look for your organization...

June 21, 2010  1:51 PM

Why PCI DSS is a Valued Reference

Posted by: Pabrai

The Payment Card Industry's Data Security Standard (PCI DSS) - with its 12 specific requirements that impacted organizations must comply with - is one of the most specific standards in the field of information security. Take for example the PCI DSS requirement # 10.7 in the area...

June 18, 2010  1:49 PM

Getting to Know FIPS 200

Posted by: Pabrai

All U.S. federal agencies must be compliant with FIPS 200. FIPS 200 - developed by NIST - establishes the Minimum Security Requirements for Federal Information and Information Systems. FIPS 200, the second of the mandatory security standards for FISMA...

June 15, 2010  4:06 PM

Why You Should Follow FIPS 199?

Posted by: Pabrai

FIPS 199, published by NIST, is a FISMA mandate. Even though it may not be called out by other regulations, this is an important work that security professionals and management must be aware of and familiar with. So what is so special about FIPS 199? The FIPS 199 publication establishes security...

June 11, 2010  1:59 PM

Have You Completed a BIA?

Posted by: Pabrai

A Business Impact Analysis (BIA) is a key step in establishing the requirements of an IT contingency plan. The BIA enables an organization to characterize the system components, supported mission/business functions, and interdependencies. The BIA's purpose is to correlate the system with the...

June 9, 2010  11:04 AM

Is Your IT Contingency Plan Updated and Current?

Posted by: Pabrai

NIST Special Publication 800-34 Rev 1 defines a seven-step IT contingency planning process that an organization may apply to develop and maintain a viable contingency planning program for its information systems. Contingency Plan is a Standard defined in the HIPAA Security Rule - and like any...

June 4, 2010  1:15 PM

Updating HIPAA & HITECH Policies with PII

Posted by: Pabrai

The Policies and Procedures (§ 164.316(a)) requirement in the HIPAA regulation states that organizations will implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of the regulation. An organization may...

June 1, 2010  9:11 PM

Guidance from OCR on HIPAA Security Risk Analysis

Posted by: Pabrai

The very first implementation specification in the HIPAA Security Rule is Risk Analysis. The Office for Civil Rights (OCR) recently published a (draft) guidance document to assist organizations in identifying and implementing the most effective and appropriate administrative, physical, and...
