IT Audits can be both lightweight and effective

In our last mailing, we wrote about how to talk to management about security. This time, we will address what to tell them.

It is easy to cloud the communication channels with too many details, the wrong details, or too much technical focus. Instead, concentrate on what management needs to know about the issue at hand, and what they should know in their capacity as organizational leaders. This will help them understand the problems you (and, by extension, they) are dealing with, and importantly, help you get the organizational support you need to solve them.

Why, how, and when to conduct an information security risk analysis

An article in HCCA Compliance Today

Under the Health Insurance Portability and Accountability Act (HIPAA), all electronic protected health information (e-PHI) created, received, maintained, or transmitted by a “covered entity” is subject to the Security Rule. If we assume that information technology powers modern health care, then it stores or disseminates most everything an entity might know about a patient. Thus, e-PHI security and privacy is fundamental and paramount.