It is very strange that when you look around you can find many, many training courses and seminars on HIPAA. From a providing information point of view, the market is well provided for. Yet walk into you local doctor’s office or local hopsital, and ask a few basic questions and blam, they don’t know HIPAA [Click to Read more...]
|
||||||
|
Based on the current attack vectors that are taking place, we need defense teams that are multi-talented. Attacks are no longer simple and scatter gun, like the Nigerian scam. The principle behind this type of attack is launch a hundreds of thousands attacks and hope that just a very few stick. Grammar was poor, yet overall [Click to Read more...] Previous steps Step 3 : Risk Assessment Now we need to consider the threats, both actual and perceived. Identify and discuss them, then list cost-effective solutions. In the solutions identify what is needed and possible methods to implement the solution. After all threats have been identified you might find a single solution that will address more than [Click to Read more...] One question I love asking coverd entities, “What and when was the latest change made to HIPAA?” I ask this for two reasons, One: to see what they know and how up to date they are, and Two: because HIPAA always changes. In a previous post I have already indicated the change in 2008 from [Click to Read more...] HIPAA audits are just like any audit or project they require the proper steps. Step 1 : Project Planning The planning and scoping of a project is often one of the hardest parts of project management. Audits, like a HIPAA audit, are a targeted project with findings or shortcomings as their project deliverables. If the audit scope [Click to Read more...] Most Security regulations like HIPAA, SOX, GLBA and PCI (which is an industry standard Not a regulation), all call for a risk analysis audit. To many this is an unknown or difficult process, so I thought I would present the common goals for a Risk-based Analysis Audit GOAL 1: The network defined We need to [Click to Read more...] Read an article that just blew me away! “An IT auditor may also work a a forensic specialist (cyberforensic) where the objective is usually directed toward potential crimes or nefarious deeds” Then let us make lawnmower mechanics, aviation engineers. Let us have the local lawnmower repair guy service the jet engines to 747s. Obviously we will not!. [Click to Read more...] For most medical practitioners the full concept of Disaster Recovery Planning (DRP) is sadly not fully understood. This often comes from a very weak approach to Risk Management, since the two concepts are very interrelated. [ By the way: HIPAA does calls for both, Disaster Recovery Plan see 164.308(a)(7)(ii)(B) and Risk Management see 164.308(a)(1)(ii)(B) ] So [Click to Read more...] Complaint Driven Vs. Audit Driven In October 2008 OIG (Office of Inspector General) conducted an audit of CMS (Centers for Medicare & Medicaid Services) regarding their oversight of HIPAA. Read the link for more information it is well worthwhile, though for many the impact may be subdued in auditees (auditor speak or lingo). My summary of the [Click to Read more...] This was born out of two sequences of events: (1) Attending the SANS webcast Virtual rountable: featuring Ed Skoudis, Mike Poor, and Hal Pomeranz, the discussion point concerning cyber warfare / cyber attack was raised due to the current activity against South Korean and US government networks. (2) During the same week I was reading “The Management [Click to Read more...] |
How important is HIPAA to your organization?
Total Voters: 0  Loading ... |
|||||
|
Copyright © 2010 ISSCP Security Blog - All Rights Reserved |
||||||
