CEO FEISAL NANJI DISCUSSES TECHUMEN’S STRATEGY FOR HEALTHCARE SECURITY RISK ASSESSMENT.
At Techumen, we follow the National Institute of Standards and Technology (NIST) risk assessment methodology. This process encompasses nine primary steps. The Office of Civil Rights (OCR), the body that monitors compliance, suggests that a Covered Entity (CE) use the NIST risk-based approach for conducting a Risk Analysis. Our view is that when the CMS suggests something, that suggestion is an imperative.
To fully understand your technology risk, you must understand the key data flows. We help you identify and inventory the key technology components in your infrastructure: applications, hardware, operating systems, laptops and mobile devices. In other words, pretty much anything that receives, stores or transmits information is in play.
Under the HIPAA Security Rule and “Meaningful Use” requirements, all electronic Protected Health Information (ePHI) created, received, maintained or transmitted by a “Covered Entity” (CE) and/or a “Business Associate” serving a covered entity is subject to the Security Rule. If we assume that information technology powers modern healthcare, then it stores or disseminates virtually everything an entity might know about a patient. Thus ePHI security and privacy are fundamental and paramount to meeting your compliance obligations under federal law.
The Security Rule requires entities to evaluate risks and vulnerabilities in their technology environments and to implement reasonable and appropriate security measures to protect ePHI. In short, an information technology risk analysis is the fundamental security cornerstone the Department of Health and Human Services (HHS) expects Covered Entities (CEs) to have in place.