CSF Roadmap 2015 and Beyond Presented By Bryan S. Cline, Ph.D.

CSF Roadmap 2015 and Beyond Presented By Bryan S. Cline, Ph.D. Presented For HITRUST

Introduction

Slide diagram of the CSF structure (labels recovered from the figure): Information Security Implementation Manual; Compliance Reporting System; U.S. Healthcare Industry; Implementation Standards; Control Objectives (primary reference: ISO/IEC 27002:2005 and ISO/IEC 27001:2005); Self Assessment Process; Certification Process; Standards and Regulations Cross Reference Matrix.

Standards and materials leveraged: HIPAA/HITECH, HITRUST member experience, NIST 800 Series, CMS, The Joint Commission, FTC Red Flags, Mass. 201 CMR 17.00, and others.

Outline

2014 CSF v6

NIST-CMS Harmonization (Publication Updates): NIST SP 800-53 r4 (Apr 2013 FPD); CMS IS ARS v1.5 (2012).

Title 1 TX Admin. Code 390.2 (TX Standards): privacy requirements to support TX certification of the HIPAA Privacy Rule.

Dozens of other federal and state laws and regulations related to the protection of health information.

2014 CSF v6.1

Something new: PCI-DSS v3.0 (2013); HIPAA Omnibus Rule (2013); ISO/IEC 27001:2013; ISO/IEC 27002:2013; NIST Cybersecurity Framework v1 (2014).

2014 CSF v6.2

Something new:

Minimum Acceptable Risk Safeguards for Exchanges (MARS-E) (2012) and the Catalog of Minimum Acceptable Risk Controls for Exchanges v1 (2012). Includes references to IRS Pub 1075 requirements for FTI (Federal Tax Information), which also supports the TX Covered Entity Privacy & Security Certification requirements.

NIST HSR (HIPAA Security Rule) Toolkit v1 (2011): unknown whether NIST plans to update the tool.

OCR Audit Protocol v2 (2014): when released; may also impact the CSF Assurance Program.

2015 CSF v7 and beyond …

Considering COBIT 5, but …

See you in 2015!

Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP HITRUST Advisor Bryan.Cline@HITRUSTalliance.net