I’ve met with these guys in the past and they seem to have their heads screwed on right… (i.e., understand AD, directory services, MIIS, etc.) http://www.sla.com/html/hipaa.htm

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan

"Failure to meet these rules results in hefty fines and potential jail time if memory serves me correctly."

Yes, on both counts. AND - it means on each instance, and each violator. The Feds aren't playing when it comes to the protection of patient data. Now, if we could only get them as serious on other matters..... But, I digress.

Sadly, no - I don't know of any consultants in the area, Justin. You might check with other Health groups or associations in your area. Someone is bound to be in the same situation.

Rick Kingslan

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.

Our buy in is HIPAA. This process is mandatory from
the federal government in order to move toward compliancy of the HIPAA Rule.
Failure to meet these rules results in hefty fines and potential jail time if
memory serves me correctly. I guess since no one in the organization has the
expertise to conduct a RA, a consultant will have to come in to guide us. Do
you know of any that are not extremely expensive in the Greater New York Area?

-----Original Message-----

Not everything is best
done with software. The only software that I know of (name escapes me at
the moment - I'll get it and report back) is more of a data collection tool to
help you format the data - it doesn't help collect it, per se. You still
have to know HOW to do an RA. It still is going to require the
classification of data types, assigning likelihood of loss, cost of loss,
etc. Nothing I know of is going to make that easier than experience.

First, and foremost - do you have buy-in for this process to the highest levels of management, and financial backing to get it done? And, dedicated staff to man the project? Without these, it's not going to succeed.

Rick Kingslan

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.

Can you point me to a software package that can conduct this analysis or do you have something that you could send over that would help us developing a methodology in-house?

-----Original Message-----

Same Risk Analysis that would be used for
Sarb-Ox, GLB - really, it doesn't matter. It's a methodology of
determining who owns the data (you're either a data custodian (you properly
have data from someone else) you are the data owner (well, you own the data) or
a thief (you don't own the data)) and seeing that the data owner understands
the classification of the data (Private, sensitive, confidential, etc.) and
that it is classified properly. Once it's classified, then you must have
procedures and processes to go with the classifications that match with HIPAA -
this will determine how the Data Custodian must deal with the data. The
Data Custodian cannot classify your data - it's not his.

Once the classification of the data is done, the Risk Analysis pretty much falls into place with the same quantitative and qualitative methods as any other type of RA. Be sure to consider what methods of transmission, what the likelihood of the data being compromised while it's in your possession, out of your possession, and how can you transfer the risk. Remember, there are lots of ways to transfer the risk, number one being Insurance, number two out-sourcing.

Hope that gives you a start.

Rick Kingslan

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.

Is anyone here in the Healthcare field? If you are, what Risk Analysis methodology are you using to move forward with the HIPAA Security Rule?
- [ActiveDir] OT HIPAA Security Risk Analysis Salandra, Justin A.
- RE: [ActiveDir] OT HIPAA Security Risk Analysis Rick Kingslan
- RE: [ActiveDir] OT HIPAA Security Risk Analysis Salandra, Justin A.
- RE: [ActiveDir] OT HIPAA Security Risk Analysis Salandra, Justin A.
- RE: [ActiveDir] OT HIPAA Security Risk Analys... Rick Kingslan
- Jackson Shaw
