HIPAA Security Risk Analysis-Compliance vs Security

Published by Redspin, Inc.
A HIPAA Security Risk analysis can achieve both security and compliance if guided appropriately. By focusing on security, and leveraging a flexible analysis approach, a HIPAA Security Risk analysis can achieve both security as well as HIPAA compliance and meet HITECH Act meaningful use objectives.
Published by: Redspin, Inc. on May 23, 2011
Copyright: Traditional Copyright: All rights reserved

As an independent provider of security assessments, we are keenly aware of the 2 primary drivers of an objective security assessment – security or compliance. Roughly, these two views of risk management can be thought of as follows:

Security: For organizations in this camp, ensuring that ePHI is protected is mission critical to the business. Any impact to data security would be viewed as negatively impacting business value: whether it be monetary, brand value or customer loyalty, and minimizing the risk of a data breach is the goal of an assessment – this is pure risk management.

Compliance: On the other hand, organizations that are driven by compliance – while they don't necessarily feel that data security is unimportant – the primary driver for doing a security assessment is to "check-the-box" that a HIPAA Security Risk Analysis has been completed per HIPAA or to address HITECH meaningful use objectives.

In reality, of course, both of these objectives often factor into the need to perform a HIPAA Security Risk Analysis. However, it's important for healthcare organizations to be able to differentiate between these drivers, because the value of a risk assessment can be maximized if the effort is guided properly. In fact, with the right guidance a risk analysis can achieve both.

Security vs. Compliance

To understand this, it's important to understand how compliance relates to security; note the Venn diagram at left. If one focuses purely on compliance during a risk analysis, then likely there will be a lot of residual risk that is not identified during the analysis. In fact, there might be some wasted effort as a pure compliance effort may place too much emphasis on certain areas of analysis that are not necessarily relevant to the environment in question (the light blue area of the diagram).
Phone: 800-721-9177 | Email: INFO@REDSPIN.COM
