Presentation is loading. Please wait.

Presentation is loading. Please wait.

NIST / URAC / WEDi Health Care Security Workgroup Presented by: Andrew Melczer, Ph.D. Illinois State Medical Society.

Published byGervase Adams Modified over 9 years ago

Similar presentations

Presentation on theme: "NIST / URAC / WEDi Health Care Security Workgroup Presented by: Andrew Melczer, Ph.D. Illinois State Medical Society."— Presentation transcript:

1 NIST / URAC / WEDi Health Care Security Workgroup Presented by: Andrew Melczer, Ph.D. Illinois State Medical Society

2 Background u NIST/URAC/WEDi Health Care Security Workgroup established late 2002 u Response to HIPAA final Security Rule u Formed to: – Facilitate identification and implementation of best practices in health care for information security requirements – Identify similarities between those practices and HIPAA standards

3 Workgroup Mission u To facilitate communication and consensus on best practices for information security in health care u To promote implementation of uniform approach to security practices and assessments

4 Workgroup Goals u Identify security standards for future use in health care industry u Review and discuss security standards currently being used in health care industry to drive consensus on best practice

5 Founding Organizations u Three founding organizations – NIST – URAC – WEDi

6 NIST u National Institute of Standards and Technology u Founded in 1901 u Non-regulatory federal agency u Within U.S. Commerce Department’s Technology Administration

7 NIST u Mission: To develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life u Responsibilities include development of technical, physical, administrative, and management standards and guidelines for cost-effective security and privacy

8 URAC u Independent, nonprofit organization u Leader in promoting health care quality through accreditation and certification u Offers wide range of quality benchmarking programs and services u Provides symbol of excellence for organizations to validate commitment to quality and accountability u Ensures all stakeholders represented in establishing quality measures

9 WEDi u Workgroup for Electronic Data Interchange u Vision: Improve health care through electronic commerce u Mission: Foster widespread support for the adoption of electronic commerce within health care

10 WEDi u Provides forum for definition of standards, resolution of implementation issues, development and delivery of education and development of strategies and tactics for continued expansion of electronic commerce in health care u Named in HIPAA as one of entities HHS directed to consult

11 HC WG Founding Organization Contacts u Lisa Gallagher, URAC (lgallagher@urac.org) u Arnold Johnson, NIST (arnold.johson@nist.gov) u Mark McLaughlin, WEDi (mark.mclaughlin@mckesson.com)

12 Work to Date u Workgroup holds meetings nearly every month u Covered great deal of information u Information on all past and future Workgroup meetings at: www.urac.org/committees_sworkgroup.asp

13 Work to Date u HIPAA Security Rule u Meeting Safeguard Requirements in Privacy Rule (Section 164.530(c)) u NIST SP 800-30: Risk Management Guide for Information Technology Systems – Describes how to perform a risk analysis – 4 NIST documents cited in final Security Rule

14 Work to Date u NIST SP 800-37: Guide for the Security Certification and Accreditation of Federal Information Systems – Being developed in response to Federal Information Security Management Act of 2002 u NIST SP 800-53: 1 st draft: Recommended Security Controls for Federal Information Systems – Recommended set of controls for low and moderate impact systems

15 Work to Date u Security Self-Assessment Guide for IT Systems and the Automated Security Self-Evaluation Tool (ASSET) – Purpose to automate completion of questionnaire in NIST SP 800-26 – Users able to assess IT security posture for systems and assess status of organization’s security program plan

16 Work to Date u FIPS (Federal Information Processing Standards) Publication 199: Standards for Security Categorization of Federal Information and Information Systems – FIPS Publications meant to apply to federal government agencies – Defines baseline for security categorization standards and potential levels of risk relevant to securing federal information and information systems

17 Work to Date u ISO 17799 Security Standards: Information Technology – Code of Practice for Information Security Management – Detailed security standard organized into ten major sections, each covering a different topic or area – ISO = International Organization for Standardization sells ISO 17799

18 Work to Date u CMS Contractor Assessment Security Tool (CAST) – Provides Medicare Carriers and Intermediaries with standard method of documenting compliance with CMS Core Security Requirements u CMS Internet Security Requirements – Establishes fundamental rules and system security requirements for use of Internet

19 Work to Date u SEI OCTAVE Model for Risk Analysis – Risk-based strategic assessment and planning technique for security u HIPAA-CMM proposed by Corbett Technologies – Standard methodology for assessing health care organization’s compliance with HIPAA security standards u And more ….

20 Disclaimer u Workgroup does not endorse and is not suggesting that entities use any specific products described above, including those for sale only u Rather, Workgroup reviewing range of products in order to develop guidance for industry in implementing HIPAA Security Rule

21 Work Plan u Crosswalk Task Force established u Provide crosswalk of HIPAA Security Rule requirements to existing security standards used in health care u Provide industry with crosswalk matrix to assist with effective implementation of HIPAA by comparing various security standards, which may already be implemented, with HIPAA

22 Crosswalk u Focus of remainder of afternoon u Standards being considered for review: – NIST Special Publication 800 Series – ISO 17799 – CMS Core Security Requirements – CMS Internet Security Requirements – Federal Information System Control Manual (FISCAM) – DoD Information Technology Security Certification and Accreditation Process (DITSCAP)

23 Resources u URAC for Workgroup information, minutes, and presentations www.urac.org/committees_sworkgroup.asp u NIST for SP 800 Series csrc.nist.gov/publications/nistpubs/index.html u WEDi for Security White Papers, including summary of NIST SP 800 documents www.wedi.org/snip/public/articles/index%7E1 0.htm

24 Andrew H. Melczer, Ph.D. Vice President, Health Policy Research Illinois State Medical Society melczer@isms.org

Download ppt "NIST / URAC / WEDi Health Care Security Workgroup Presented by: Andrew Melczer, Ph.D. Illinois State Medical Society."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.
HISPC-Illinois II The Public-Private Partnership Moves Forward on Privacy and Security.

HISPC-Illinois II The Public-Private Partnership Moves Forward on Privacy and Security.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 1 The Goal of HIPAA: Administrative Simplification HIPAA for Allied Health.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 1 The Goal of HIPAA: Administrative Simplification HIPAA for Allied Health.
U.S. General Services Administration Presentation to: ACT-IAC Cybersecurity SIG Improving Cybersecurity through Acquisition Emile Monette Senior Advisor.

U.S. General Services Administration Presentation to: ACT-IAC Cybersecurity SIG Improving Cybersecurity through Acquisition Emile Monette Senior Advisor.
Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.

Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
Privacy and Security Workgroup: Big Data Public Hearing December 8, 2014 Deven McGraw, chair Stan Crosley, co-chair.

Privacy and Security Workgroup: Big Data Public Hearing December 8, 2014 Deven McGraw, chair Stan Crosley, co-chair.
Consumer Work Group Presentation Federal Health IT Strategic Plan 2015-2020 January 9, 2015 Gretchen Wyatt Office of Planning, Evaluation, and Analysis.

Consumer Work Group Presentation Federal Health IT Strategic Plan January 9, 2015 Gretchen Wyatt Office of Planning, Evaluation, and Analysis.
Part II Objectives F Describe how policies and procedures are used F Identify different types of P & P F Describe the purpose and components of a Policy.

Part II Objectives F Describe how policies and procedures are used F Identify different types of P & P F Describe the purpose and components of a Policy.
Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.

Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
1-2 Training of Process FacilitatorsTraining of Coordinators 5-1.

1-2 Training of Process FacilitatorsTraining of Coordinators 5-1.
CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.

CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.
Information Security Framework & Standards

Information Security Framework & Standards
Simon Brewin Overview of the National Supply Chain Reform Task Force.

Simon Brewin Overview of the National Supply Chain Reform Task Force.
April 11, 2007 Prepared by the North American Energy Standards Board 1 North American Energy Standards Board Standards Development Process.

April 11, 2007 Prepared by the North American Energy Standards Board 1 North American Energy Standards Board Standards Development Process.
Staff Structure Support HCCA Special Interest Group 1-28-03 New Regulations: A Strategy for Implementation Sharon Schmid Vice President, Compliance and.

Staff Structure Support HCCA Special Interest Group New Regulations: A Strategy for Implementation Sharon Schmid Vice President, Compliance and.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 5 HIPAA Enforcement HIPAA for Allied Health Careers.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 5 HIPAA Enforcement HIPAA for Allied Health Careers.

Similar presentations

Ads by Google