Tuesday, June 15, 2010
Healthcare Security Oversight for HIPAA Audit and Compliance
There's a nice whitepaper by ArcSight titled, "Healthcare Security Oversight for HIPAA Audit and Compliance." You can download that paper here (PDF). In 9 pages, ArcSight does a nice job summarizing some important elements of HIPAA compliance in this digital age. Here's a paragraph from the executive summary:
The solution to this problem is for organizations to design and develop unique, best practice-focused compliance programs based on their infrastructure, organization and operational risk. This requires setting and implementing a number of standards within the organization, including technical and paper-based policies, procedures, standards and technical controls. The resulting security program must incorporate a strong layer of audit to demonstrate appropriate governance over the confidentiality, availability and integrity of ePHI and the program’s relevance to the requirements set forth in the HIPAA Security Standard.
Interested in some other reports by ArcSight?