Michael Brown, CISSP, HCISPP, CISA, CISM, CRISC, has been involved with IT for 20 years, the last ten in IT security. Moving from a security admin to a global security architect, he has been working for the last couple of years as an IT security consultant performing security risk assessments and gap analyses, and developing policies and procedures for clients to help them implement an information security management system. His research interests include IT/security frameworks and compliance, the Internet of Things, and mobile device security.
HIPAA for Infosec Professionals
With the recent changes in HIPAA, breaches of healthcare records, new and higher penalties from the OCS, and now random audits by the OCS, HIPAA compliance has become more important for healthcare companies. As information security professionals, we may be called upon to conduct HIPAA-based security risk assessments or to assist practices and their third-party vendors in becoming HIPAA compliant.
But what does HIPAA entail? What is expected? Are those expectations the same as in other areas, or are there differences? And what about some of the unfamiliar terms it uses, such as covered entity and business associate? What do they mean?
We will go over the basics of HIPAA, the safeguards that make it up, and the terms and terminology that surround it. While you won’t become a HIPAA expert overnight, you will have a better understanding of what it is and be in a better position to help healthcare organizations become more secure.