IT Compliance Advisor

Jan 5 2010   6:47PM GMT

IT security and health care compliance resources to start 2010 strong

By Guy Pardon

Last week, we looked back at the top IT compliance management news stories of 2009. From tougher state data protection laws to compliance in the cloud, 2009 held plenty of IT compliance management headaches. We’ll be posting our predictions for 2010 later this week. In the meantime, IT professionals have arrived back in the office and are confronted with the same compliance challenges that existed before the holidays.

What to do?

First, focus on compliance.

1. Build data protection around intrusion detection and access controls.

As contributor John Weathington recommends, begin with a comprehensive data governance and compliance strategy and build data protection practices upon intrusion detection and access controls.

2. Look to the Unified Compliance Framework for common ground.

Compliance professionals and vendors are turning to the Unified Compliance Framework as a common language for overlapping compliance standards.

3. Review our FAQ on mandatory encryption standards and IT operations.

Learn how emerging mandatory encryption standards will affect IT operations.

4. Get a grip on addressing compliance requirements in cloud computing contracts.

As CIOs look to cloud computing for data backup and storage, compliance requirements must be spelled out and met, or the data will be brought back down to earth.

Second, focus on IT security.

The following compliance resources from SearchSecurity.com will be helpful to IT professionals preparing for renewed security challenges this year.

1. Learn how to create an identity theft prevention plan for FTC Red Flags Rules.

Under the FTC’s Red Flags Rules, all financial institutions and creditors with covered accounts are required to create an identity theft prevention plan. The FTC may have extended the enforcement deadline for the Red Flags Rule to June 1, 2010, but five months will go by quickly.

2. Review this guide to internal and external network security auditing.

Contributor Stephen Cobb covers the baseline internal and external network audit processes that a security professional should carry out on a regular schedule.

3. Consider the benefits of ISO 27001 certification for your enterprise.

If your enterprise is considering certification against ISO 27001 (ISO 27002 is the companion code of practice for the controls; organizations are certified to 27001, not to 27002), there are several important questions to ask first.

4. Get up to speed on privileged account management.

Sarbanes-Oxley compliance requirements and data security concerns are accelerating growth of the privileged account management market.

5. Weigh the pros and cons of end-to-end encryption and tokenization.

Tokenization and end-to-end encryption have emerged as promising technologies, but both have benefits and drawbacks that organizations must weigh.

6. Learn how frameworks and technology can help your PCI DSS compliance efforts.

This mini-guide offers a variety of tips on how organizations can use several frameworks, technologies and standards to help manage PCI DSS efforts and ease the compliance burden.

Finally, focus on health care

… that is, if health care compliance is your responsibility.

If you work in health care, SearchSecurity.com has published a HIPAA compliance manual that will be useful for IT professionals entrusted with health care compliance. The guide includes a HIPAA compliance training, audit and requirements checklist, with advice on how to prepare for a security audit.

Here are several other useful stories and tips on health care compliance:

1. Personal health records not measuring up in privacy, say advocates

The federal government has called for greater use of personal health records as part of electronic health record systems. Advocates say PHRs fall short in data control, privacy and security.

2. Growing health information exchanges show lower costs, better care

Some health care organizations such as health information exchanges are showing improved efficiency, lower costs and better patient care using EHRs.

3. Encryption tops new rules of electronic health records compliance

When it comes to electronic health records and personal health information, secure storage can mean many things, but one requirement stands out: encrypt protected health information wherever it is stored and wherever it travels, since HITECH's breach-notification duties attach to PHI that is left unsecured.

For more on HITECH and HIPAA compliance, also review:


1 Comment

  • FranzB
    Typically, most people would think that affordable health care costs will be a great help for consumers, but not on the part of some employers who tend to benefit from their workers' health care costs. Employees are being forced to pay a greater portion of total health care costs according to a study out this week. Workers are seeing health insurance costs take a bigger bite out of take-home pay as companies conserve cash on health care costs. The proof is here: Companies survive by shifting health care costs to workers (http://personalmoneystore.com/moneyblog/2010/09/02/health-care-costs/). Analysts say the shift in health care costs is a corporate survival strategy as the U.S. economy continues to falter. With the labor market so bad, workers would rather pay more in order to simply keep their jobs.
