July 05, 2007

 

AHA Solutions’ Monthly Security & Privacy NEWSLETTER


The Security & Privacy NEWSLETTER is published monthly in support of the healthcare industry's efforts to work together towards compliance in security and privacy. Subscribers total over 3,000.

 

In this issue:

1.  Monthly HIPAA Compliance Tip: Risk Analysis
2.  FREE Web cast: Building a Robust IT Strategic Plan in the Community Hospital 
3.  FREE Web casts from Burwood Group: Visible Security Operations and Building the Self-Defending Enterprise
4.  Free Customer Brief: Columbus Children's Hospital adoption of Single Sign On Technology by CA
5.  FREE White Paper from AT&T: A Patient Data Network for the Future
6.  FREE Executive Brief from HIPAA Academy: The Disruption of Healthcare: Forces of Technology and Genetics Forever Change Healthcare

7.  FREE EDUCATION from AT&T and AHA Solutions: Connecting Communities: The Promise and Challenge of Building RHIOs

8.  FREE EDUCATION from IronPort and AHA Solutions: Keeping PHI in E-Mail Safe and Secure

__________________________________________________________________________________________ 


1. Monthly HIPAA Compliance Tip: Risk Analysis

Brought to you by: Ali Pabrai, CISSP, CSCS, HIPAA Academy

 

Recently, the Office of Inspector General (OIG) in the U.S. Department of Health and Human Services (HHS) launched audits for compliance with the HIPAA regulation. We are now witnessing a new era of HIPAA Privacy and Security enforcement. To comply with the HIPAA regulation, organizations must complete several activities on a regular schedule, including a thorough risk analysis, development of disaster management plans, training of all employees, and a comprehensive audit. The focus of this HIPAA Security Tip is on Risk Analysis – the first implementation specification defined in the regulation.

Risk Analysis is a required implementation specification addressed in § 164.308(a)(1)(ii)(A) of the HIPAA Security Rule. The regulation requires that organizations conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of EPHI held by the covered entity.


Risk assessments typically include the following steps:

  • Determine system characterization:
            Hardware, software
            System interfaces
            Data and information
            People
  • Identify any vulnerabilities or weaknesses in security procedures or safeguards.
  • Identify events that can negatively impact security.
  • Identify current controls in place.
  • Identify the potential impact that a security breach could have on an organization’s operations or assets, including loss of integrity, availability, or confidentiality.
  • Recommend security controls for the information and the system, including all the technical and non-technical protections in place to address security concerns.
  • Determine residual risk.
  • Document all outputs and outcomes from the risk assessment activities.

 

For more information or to get a complimentary HIPAA Security Rule Quick Reference Card, please email technologysolutions@aha.org

 

About HIPAA Academy: AHA Solutions, Inc., the endorsement facility of the American Hospital Association (AHA), awarded the AHA endorsement to ecfirst.com, Inc.'s (ecfirst) HIPAA Academy as a resource for training to help hospitals comply with the Health Insurance Portability and Accountability Act (HIPAA) security regulations.


2. Free Educational Web cast: Connecting Communities: The Promise and Challenge of Building RHIOs

Regional health information organizations (RHIOs) have recently emerged as a key element in the national agenda to advance broader adoption and use of healthcare information technology. Join us as we talk with national leaders who will be sharing key insights on building and sustaining RHIOs.

Sponsored by AHA Solutions and AT&T

Date: On demand, at your convenience!
Duration: 1 ½ hours

Click here for the replay

 

 

3. FREE Web casts from Burwood Group: Visible Security Operations and Building the Self-Defending Enterprise

 

Visible Security Operations

Learn about building a security architecture that provides real-time visibility and correlation of security events across the enterprise to prioritize investments and improve defenses. In addition to technical defenses, learn how to structure your organization for efficient incident response and sustainable operations.

July 12, 2007 10:00 am CST

Building the Self-Defending Enterprise

Securing the enterprise from malicious software, users, and organizations no longer ends with enforcing security at our network’s perimeter. As business demands have required our communication and information sharing methods to become more complex, so have our business and IT risks become increasingly complicated.

In order to design a truly secure enterprise, specification and implementation of technical controls must be carefully considered from the Internet edge, to critical Data Center and application elements, through to end-user PCs and PDAs.

July 31, 2007, 10:00 am CST

Register here for both events!

 

 

4. New Web cast Assists Community Hospitals with IT Strategic Planning

Hospitals & Health Networks, one of AHA’s healthcare publications, has launched a web cast to assist community hospitals with IT strategic planning.

 

Click here for the replay.

 

5. Free Education from IronPort and AHA Solutions: Keeping PHI in E-Mail Safe and Secure


Health care providers, payers and other covered entities have HIPAA-mandated requirements for privacy and security of electronic protected health information, or ePHI.

The American Hospital Association has a process to review, test and recommend software for its hospital members. In the arena of secure messaging software, it has endorsed the IronPort PXE Encryption technology to enable its members to operate secure, HIPAA-compliant e-mail systems.

Come away with practical guidance including:

  • An overview of HIPAA email requirements
  • The AHA's criteria and selection process for a secure messaging solution
  • Examples of HIPAA email policies, and how to enable them in your network
  • Real world case studies from IronPort customers

Date: On demand, at your convenience!
Duration: 1 hour

Register Today

 

6. The Disruption of Healthcare: Forces of Technology and Genetics Forever Change Healthcare

 

Complimentary Exec Brief Now Available from HIPAA Academy

In this executive brief we examine the DNA of tomorrow’s digital healthcare ecosystem. Digital healthcare is about the delivery of personalized care – it is about information-based medicine. It is the result of digitization of healthcare information of each person.

In this brief, we examine the building blocks of digital healthcare including:

  • The flattening of the healthcare infrastructure as a direct result of Electronic Health Records (EHR), the National Healthcare Information Network (NHIN), Regional Health Information Organizations (RHIOs) and of course, the Internet
  • Regulatory compliance and how it is seriously influencing policy and technology priorities in healthcare organizations
  • The impact of genomics on healthcare and its influence on personalized medicine


For a free electronic version, please email technologysolutions@aha.org

 

 

7. A Patient Data Network for the Future – by AT&T

 

“Our paper based system of medical records is impractical when doctors need fast access to charts, lab tests and scans. Regional Health Information Organizations could one day make that information available across counties – or even across the nation.”

 

To read the full Market Brief, please email technologysolutions@aha.org

 

 
8. Free Customer Brief: Columbus Children's Hospital adoption of Single Sign On Technology by CA


Columbus Children’s Hospital is the 5th largest children’s hospital in the United States, with the 3rd busiest pediatric emergency room. A top priority for the hospital is protecting the safety of its patients, which includes both the patients’ health and the security of their personal health information. To ensure confidential data security, Columbus Children’s Hospital has adopted CA Single Sign-On and other CA solutions to protect patient information, ease user management and streamline audit reporting, resulting in strong information security, compliance fulfillment, and improved response time and satisfaction among hospital staff.

 

This customer brief provides an overview of the challenges that Columbus Children's Hospital faced, and how a unified solution combining CA Single Sign-On, CA Identity Manager and CA Security Command Center helps Columbus Children’s improve physician and clinical staff satisfaction and efficiency.

 

For a free copy of the customer brief, email technologysolutions@aha.org

 

 

 

 

 

 

 

One North Franklin, 30th Floor | Chicago, IL 60606