AHA Solutions
Resources for Hospitals
 

HIPAA Tip
10/15/08


Finding the Right Path to PCI Compliance, a Complimentary Webcast presented on October 30, 2008 by ecfirst’s Ali Pabrai, CISSP, CSCS. Step through findings of a recent PCI survey to understand what other organizations are doing, examine the very new PCI DSS updates in v1.2, and learn about emerging PCI best practices. Access and authentication management technology is a clear priority in PCI planning. Review auditing, tracking and monitoring requirements to address PCI. To register, please visit www.ecfirst.com.

 

MANAGED COMPLIANCE SERVICES PROGRAM (MCSP)

The HIPAA Academy is the industry’s first organization to offer a 36-month Managed Compliance Services Program (MCSP) to help you continually manage regulatory requirements. There is no up-front payment; you just pay a fixed fee each month. We do all the work, with minimal impact to your organization.

 

Security regulations such as HIPAA and PCI’s DSS require organizations to maintain compliance with reasonable and appropriate safeguards in several specific areas. Compliance requirements result in critical activities that must be conducted on a regular schedule, typically once a year. On a regular schedule, organizations must:

  • Assess compliance with the requirements of confidentiality and privacy related regulations
  • Assign responsibility to the security officer who is responsible for coordinating compliance and security initiatives
  • Conduct a comprehensive and thorough risk analysis including vulnerability assessment (penetration testing)
  • Complete a Business Impact Analysis (BIA) for contingency planning and disaster recovery
  • Develop and update security policies and procedures
  • Train all members of the workforce
  • Audit and evaluate the information infrastructure

The ecfirst Managed Compliance Services Program (MCSP) is tailored to meet your compliance requirements. Key features of the ecfirst Managed Compliance Services Program (MCSP) are:

  • Bundled outsourced solution for a fixed monthly fee
  • Periodic performance of vulnerability assessments, security risk analysis, BIA and contingency planning
  • Training, certification and periodic audit and evaluation to keep your organization fully compliant at all times
  • Keeping you compliant with the regulations, to help you focus on the business of delivering exceptional services and capabilities to your clients

 Benefits of outsourcing compliance and security include:

  • Minimizing productivity losses from unexpected downtime
  • Enabling staff to better focus on business-critical tasks and complying with key regulations
  • Depth in resource capabilities with trusted knowledge of client infrastructure
  • Smooth out volatility in resource demands and costs associated with managing information technology

 

Contact Eugene.Kunkle@ecfirst.com or call 1.877.899.9974 x20 for a custom MCSP proposal – there is no cost for the proposal and all our prices are fixed-bid – this helps organizations plan and budget for the future. Talk to us and you will see how we take charge of helping your organization meet compliance requirements.



To learn more about AHA-Endorsed products and services and the AHA Solutions Signature Learning Series, please call
(800) 242-4677 or visit www.aha-solutions.org

October 15, 2008

                                                      

Ali Pabrai, Security+, CISSP, CHP, CSCS
ecfirst.com/HIPAA Academy, Chief Executive
www.HIPAAAcademy.Net

 HIPAA Academy's HIPAA Compliance Training Solutions have the exclusive endorsement of the American Hospital Association (AHA).
________________________

The PCI Security Standard Is Updated. Is Your Organization Impacted?

The Payment Card Industry’s (PCI) Data Security Standard (DSS) is a set of comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

Important Announcement: The Payment Card Industry Data Security Standard (DSS) v1.2 replaced DSS v1.1 on October 1, 2008. Review key documents, as a summary of changes between versions 1.1 and 1.2, at www.pabrai.com, a compliance portal for security regulations. One of the major areas of change involves the use of wireless networks to transmit cardholder data. Organizations impacted by PCI will need to review the changes closely to understand their impact.

The PCI standard enables merchants and service providers to assess their security status by using a single set of security requirements for all payment organizations. 12 information security requirements have been defined.

 

Who Must Comply with PCI DSS?

PCI DSS is a mandatory standard for all acquiring organizations, e-commerce sites, retailers, and any organization that collects, processes or stores credit card information. The PCI DSS requirements apply to all members, merchants, and service providers that store, process, or transmit cardholder data.

 

Contact ecfirst for PCI Questions

Contact Eugene.Kunkle@ecfirst.com or call 1.877.899.9974 x20 to discuss your compliance challenges, including conducting a PCI DSS pre-assessment. ecfirst has significant experience conducting vulnerability assessments to help organizations identify compliance and security gaps. Talk to us to learn more about how we can help address your challenges with compliance.

 

PCI Quick Reference Card is Now Available!

Your fastest reference to the PCI Standard, ecfirst’s PCI Quick Reference Card, is now available in the ecfirst e-store at www.ecfirst.com. You can also contact Eugene Kunkle at Eugene.Kunkle@ecfirst.com or at 1.877.899.9974 x20.


For more information visit www.aha-solutions.org, contact Eugene Kunkle at 1.877.899.9974 x20 or visit www.ecfirst.com

One North Franklin, 30th Floor | Chicago, IL 60606