FACT: You are required by federal law to protect your business data.
Whether you’re subject to PCI, SOX, FISMA, GLBA, ISO 17799, 27002, HIPAA or GRC, you have federal mandates to comply with. In healthcare, compliance with the HIPAA Security Final Rule requires every Covered Entity (CE) and Business Associate (BA) to conduct a foundational risk analysis (45 C.F.R. § 164.308(a)(1)(ii)(A)), identify security risks and implement measures “to sufficiently reduce those risks and vulnerabilities to a reasonable and appropriate level.”
Additionally, the HIPAA Security Final Rule Evaluation Standard (45 C.F.R. § 164.308(a)(8)) requires CEs and BAs to “Perform a periodic technical and non-technical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, which establishes the extent to which an entity’s security policies and procedures meet the requirements of this subpart.”
Any Covered Entity that needs to comply with HIPAA should read 45 C.F.R. § 164.308. It covers many more issues, such as disaster recovery and appointing a security official, that, when thoroughly addressed, will not ensure compliance but will help you sleep at night.
Since 2010, almost 200 organizations have been posted to the HHS Wall of Shame for data breaches affecting more than 8 million people. The healthcare sector is in the process of learning the hard way that an ounce of risk prevention is worth a pound of mea culpas.
In October, get a Free Network Assessment! Learn if your network is properly configured for maximum speed, security and performance. We’ll look for hidden problems and other critical maintenance issues that can turn into extended downtime and expensive repair costs.
empowerT delivers a detailed IT Report Card that will show where you are vulnerable to security attacks or other failures, as well as provide recommendations on how to resolve these issues as quickly and inexpensively as possible.
Please apply for a Free Network Assessment today. Please allow 24-48 hours for our network specialists to contact you.