With the recent changes in HIPAA, breaches of healthcare records, new and higher penalties from the OCS and now random audits by OCS, HIPAA compliance has become more important for healthcare companies. And as Information Security professionals, we may be called upon to conduct HIPAA-based security risk assessment or assist practices or their third party vendors in becoming compliant with HIPAA.
But what does HIPAA entail? What is expected? Are they the same as what are expected in other areas or are there differences? And what about some of the strange terms used: covered entity, business associate? What do they mean? We will go over the basics of HIPAA, the safeguards that make it up, as well as the terms and terminology that surrounds it. While you won't become a HIPAA expert overnight, you will have a better understanding of what it is and be in a better position to assist healthcare organizations in being more secure.
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, has been involved with IT for over 20 years, more than half in information security. Moving from a security admin to a global security architect, he has been working for the last few of years as an IT security consultant working with clients to implement an information security management system as well as performing security risk assessments, gap analysis, and developing policies and procedures. His research interests include IT/Security frameworks and compliance, the Internet of Things, and mobile device security.