Video

Mobile devices compromise biosecurity and information security. Use management of biosecurity risks as both a carrot and stick to enhance hospital IT security compliance.

Though originally a "report and investigate" regulation, changes to how HIPAA is enforced (including audits with no prior complaint) means enterprises that fall under HIPAA jurisdiction must be prepared in a way they haven't needed to be before.

Video

Adoption of electronic healthcare records (EHR) has lagged behind the expected adoption rate in the US market. This appears to be largely due to low end-user adoption. IT managers need to understand the end-users' needs and bring them on board...

Note

Internal risk demands internal controls. However, strong controls can inhibit the business process. Balance the risk mitigation benefits of internal controls with the impact they have on business process and the investment required deploy them.

Solution Set

Issues such as privacy, fraud, security, and corporate accountability mean that every organization should already have some process in place to monitor and limit employee actions in the workplace.

Tool

There are numerous areas on which organizations can focus to improve controls and manage internal threats for compliance or risk mitigation purposes. To improve, organizations need to gauge their current level of maturity and prioritize their...

Template/Policy

A well governed access management process requires formalized management approval for access to systems and physical access points. Use this tool to develop a formal process for employee access requests.

Tool

A well governed access management process requires formal management approval for access to systems and physical access points. Use this tool to track current access to systems and other access points in the organization.

Solution Set

Ensuring solid security and compliance means building a comprehensive and well-thought-out User Management strategy, and doing it without breaking the bank.

Note

A user management strategy, along with formalized policies and procedures, set the organization up for success in onboarding employees, preventing unauthorized data access, compliance audits, and even adopting new technologies.

Video

A comprehensive user management strategy, united with formalized policies and procedures, will set the enterprise up for success with onboarding of employees, preventing unauthorized data access, compliance audits, as well as the adoption of new...

Template/Policy

This RFI template is designed to help solicit information from user management tool vendors on what types of user management tools are best suited for your environment and situation based on the information provided to the vendor.

This solution set will help IT leaders determine the need for Governance, Risk Management and Compliance (GRC) software, and select an appropriate vendor with confidence.

Template/Policy

An Enterprise Privacy Checklist allows the enterprise to quickly and easily determine if it is holistically taking appropriate measures to ensure the privacy of information that it collects.

Template/Policy

A Privacy Policy serves as a core component of an enterprise's commitment to maintaining the privacy of client, prospect, or constituent information and is a requirement for compliance with many pieces of legislation.

Template/Policy

A Web Privacy Statement notifies visitors to your Website of the type of information that the enterprise is collecting, the intention for which the information is collected, and the mechanisms by which the information will be protected.

Template/Policy

This document provides a template for contract provisions of onward transfers to third parties where Private Information is concerned.

Template/Policy

Though not tied to a specific piece of privacy legislation, this checklist represents an amalgam of average privacy requirements and can serve as the basis to ensure that the IT department is taking the appropriate information privacy steps.

Note

The current regulatory environment in the US demonstrates growing intolerance for privacy violators; consequently, privacy is a growing concern for IT leaders. Enterprises with a strategy for privacy compliance are far more successful at...

Solution Set

This solution set will help IT leadership respond to expectations from the business to develop a privacy strategy by defining IT's privacy compliance responsibilities.

Video

The current regulatory environment in the US demonstrates growing intolerance for privacy violators; consequently, privacy is a growing concern for IT leaders. Enterprises with a strategy for privacy compliance are far more successful at...

For many hospitals worldwide, Electronic Medical Records (EMR) systems are the way of today. Healthcare organizations slow to join the digital wave should begin with document imaging. Understand the first steps to EMR and begin preparations for...

Template/Policy

Healthcare organizations looking to implement Electronic Medical Records (EMR) technologies should begin with document imaging. Organize a high level strategy for deployment to help build buy-in from senior management.

With only eight convictions since its inception in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is a failure. Too little oversight and too much uncertainty surround HIPAA and cloud the real issues at hand.

IT managers in healthcare have different priorities from their peers in other industries. Specifically, they allocate more resources to support and proportionally fewer to security and design and development. Address the potential problems of...

SharePoint can help healthcare organizations improve internal communication and streamline business processes, but it can also increase the risk of HIPAA violations. Take advantage of SharePoint's built-in security features to facilitate compliance.

The HITECH bill is part of the American Recovery and Reinvestment Act (ARRA) enacted in 2009. The Whitehouse views an investment in Healthcare IT, and more specifically, a move towards digital health records as the solution to a healthcare...

Data privacy is a pressing and growing concern for all enterprises. Small enterprises should segregate duties and tasks at the operational level to create an IT environment based on security best practices like least privilege.

If proper auditing and compliance tools and process are not put in place for instant messaging (IM), needless exposure to risk could result and legal consequences incurred. Learn to secure, manage, and archive IM or ban it altogether.

Establishing a comprehensive Disaster Recovery Plan (DRP) is very important in any industry, but particularly necessary in healthcare due to the degree of regulatory scrutiny. Securing the safety and flow of information in all its various forms...