Applying ISO 27000 to Address HITECH, HIPAA & State Mandates
Healthcare organizations must comply with several regulations in the areas of information privacy and security, including HIPAA, the HITECH Act, and State mandates. Additionally, organizations with business associates outside of the USA may also have to comply with the PCI DSS Standard. The ISO 27002 standard is an important reference and an excellent framework in the world of information security.
The ISO 27002 standard is part of the ISO 27000 family of standards, which is specifically focused on information security. The ISO 27000 family is the global standard for information security. The ISO 27002 standard provides an excellent reference for addressing regulations such as HIPAA, the HITECH Act and State mandates (such as those for California, Massachusetts and others). ISO 27002, entitled Information technology - Security techniques - Code of practice for information security management, is published by the International Organization for Standardization (ISO). ISO 27002 provides information security management best practice recommendations for use by those responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in terms of the C-I-A triad:
- Confidentiality – ensures that information is accessible only to those with authorized access
- Integrity – pertains to safeguarding the accuracy and completeness of information and processing methods
- Availability – ensures that authorized users have access to information and associated assets when required
The controls in the ISO 27002 document are organized into eleven security control clauses (sections), each covering a different topic or area:
- Security Policy
- Organizing Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance
Contact John.Schelewitz@ecfirst.com or call 1 (480) 663-3225 to discuss the application of the ISO 27002 Standard to address HIPAA and State mandates impacting your organization. ecfirst specializes in enabling organizations to address regulatory requirements in the areas of privacy and security.
ISO Quick Reference Card and ISO/HIPAA Mapping Documents
The ISO 27002 Quick Reference Card and the ISO 27002/HIPAA Security Rule mapping document are available in the ecfirst e-store at www.ecfirst.com.
Pabrai Presents at the HIPAA Summit in Washington, DC
September 15-17, 2009
Join Ali Pabrai (CISSP, CSCS), compliance and cyber security expert, at the HIPAA Summit in Washington, DC. On Tuesday, September 15, 2009, a special HIPAA professional certification training will be delivered as part of the pre-conference session. At the HIPAA Summit, Pabrai will also present “How HIPAA Fits into the Broader Scheme of Privacy and Security Regulation in the United States.” For more details please visit www.HIPAASummit.com.
Get HIPAA Certified On-line! CHP Exam is On-line!
HIPAA Academy, the industry’s gold standard for HIPAA training, certification and consulting, has made available on-line the content and exams for HIPAA Academy’s Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist (CHSS) programs. Clients include many hospitals, long-term care organizations, BCBS, several business associates and leading firms including IBM, HP, E&Y, Kaiser Permanente, Microsoft and many others. Review the content, take the exams, and become certified on-line with the HIPAA Academy. For details, please visit www.HIPAAAcademy.Net.
Register NOW For The Certified HIPAA Professional (CHP) Program in Phoenix, AZ
November 16-17, 2009
Learn about key aspects of the HIPAA regulation including Transactions and Code Sets, Identifiers, Privacy and Security. This exceptional program is delivered by HIPAA expert, Lorna Waggoner. Take the certification exam at the end of the second day. To register, please visit www.HIPAAAcademy.Net or call Eugene Kunkle at 1 (877) 899-9974 x20. Check out hundreds of client testimonials on-line at www.HIPAAAcademy.Net.
Certified Security Compliance Specialist (CSCS) Program in Phoenix, AZ
November 18-19, 2009
To attend the only certification program in the industry that addresses PCI DSS, ISO 27001/27002, HIPAA, FISMA, and other information security regulations, please visit the website, www.ecfirst.com, and click on the CSCS Program. The CSCS Program is presented by compliance and cyber security experts. Register on-line at www.ecfirst.com.