West Virginia HIMSS State Chapter Blog

Friday, December 2, 2011

HIPAA Security Rule Toolkit

The HIPAA Security Rule Toolkit is now available on the NIST website.

http://scap.nist.gov/hipaa/

I first saw a demo of this toolkit at the NIST/OCR Conference back in May. Here's a link to the video webcast for that conference in case you would be interested in seeing the initial demo of the toolkit (it's the last one on the list):

http://www.ebmcdn.net/nist/flash/nist-051011/nist-051011-archive.html

Saturday, November 5, 2011

WVHIMSS Fall Education/Networking Conference

Yesterday's WVHIMSS conference at Fairmont State University was great! The focus of the conference was on ICD-10 Implementation and the topics included:

Project Management
Impacts on Revenue Cycle Management
Impacts on Health Information Management

The WVHIMSS website will have all presentations posted shortly so be sure to download them as soon as they are available.

Nathan

Saturday, October 15, 2011

Lost Backup Tapes

Lost backup tapes that contain information on approx. 1.6 million patients from Nemours. Below is a link to the story and I find this quote pretty interesting:

"You'd need a highly specialized and trained expert and equipment to access this information," Grabusky said. "It's like playing an eight-track tape on an iPod."

Any type of proprietary format that may make it difficult to retrieve the information does mean encrypted and would achieve safe harbor from breach notification as I've heard discussed in the past by OCR.
Definitely will be an interesting one to watch.

http://www.delawareonline.com/article/20111013/BUSINESS13/110130347/Nemours-patient-data-tapes-missing?odyssey=tabtopnewstextHome
Written by
ERIC RUTH
The News Journal

Tuesday, October 4, 2011

Military health plan breach affects 4.9 million

Loss of unencrypted backup tape results in one of the largest breaches on record. It’s also interesting that TRICARE concluded that the risk of harm to patients is judged to be “low”. If that’s really the case, then why report the breach in the first place? Just a rhetorical question. I think we all know the answer to that!
Backups are a common risk that I find at many practices when helping providers with their security risk assessments. Very rarely are backup devices (tapes, USB devices, etc.) encrypted, and they usually just go home with the Office Manager or other staff when taken offsite. Utilizing encryption really isn't as hard as it sounds. Most backup software products have encryption capabilities that only need to be configured and applied to the backup job.

http://blogs.hcpro.com/hipaa/2011/09/military-health-plan-breach-affects-4-9-million/
Military health plan breach affects 4.9 million
By Dom Nicastro

Tuesday, September 27, 2011

WSJ Article

Here's a great article from the Wall Street Journal that was forwarded over to me by Nicholas Heesters:

Health-Care Industry: Heal Thyself
Safeguarding patient information is especially important. And especially difficult.
By M. ERIC JOHNSON

http://online.wsj.com/article/SB10001424053111904716604576542380296355702.html?mod=googlenews_wsj

Tuesday, September 20, 2011

NIST 800-30 Changes

For those of you in the information security field, here's an interesting notification that I received from NIST regarding changes to the NIST 800-30 guidance document. If you've conducted risk assessments for any federal systems or followed NIST guidance in health care, banking, or other industries, you may certainly be familiar with this one. One of the biggest changes is the separation of risk management (NIST 800-39) and risk assessments (NIST 800-30 Rev 1) into different guidance documents.

NIST 800-30 Revision 1 is accepting public comments from September 19, 2011 - November 4, 2011.

Nathan Gibson

--------------------------

September 19, 2011:
NIST Computer Security Division is proud to announce the release of: Initial Public Draft (IPD) of Special Publication 800-30, Revision 1, Guide for Conducting Risk Assessments
Here are 2 links to where you can read the full announcement of this draft publication release along with a link to the PDF file on the CSRC website:
Draft Publications Page: http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-30-Rev.%201
CSRC News Page: http://csrc.nist.gov/news_events/index.html#sept19
Thank you.
Pat O'Reilly, Computer Security Division, NIST, patrick.oreilly@nist.gov