Online Safety Community

Disasters, which can ultimately lead to a data breach, come in various forms – natural, man-made and technical. HIPAA, the HITECH Act, the Federal Trade Commission and the Securities and Exchange Commission are just a handful of the laws and agencies requiring that the confidentiality, integrity and availability of sensitive information (e.g., protected health information (PHI) and personally identifiable information (PII)) remain intact. Although federal HIPAA has distinct categories (e.g., covered entity, business associate, and subcontractor), other state or federal government entities use “covered entity” to mean any person that creates, receives, maintains or transmits PHI or PII.

HIPAA sets forth three main categories of safeguards: administrative, physical, and technical. Often, these categories overlap. For example, the administrative requirement of a sanction policy complements the physical requirement of two-factor identification for building access.

Below are a couple of select sections from the Code of Federal Regulations (CFR) about which organizations should be particularly vigilant in relation to disasters.

• 45 CFR §164.310 (Physical Safeguards) – requires policies and procedures for facility access in order to restore lost data under the disaster recovery and emergency access plan.

• 45 CFR §164.308 (Administrative Safeguards) – multiple requirements are set forth under this particular section of the CFR. For example:

  • Security management process

  • Annual risk analysis

  • Information activity review

  • Workforce clearance procedure

  • Security awareness training

  • Contingency plan

Read More: http://snip.ly/duepz#http://www.diagnosticimaging.com/blog/hurrican...

© 2017   Created by Safety Community.   Powered by
