Trust is not a Control . . . But you still have to have it. (How I learned to stop worrying and (HI)TRUST Control Compliance Suite)
Presenter: David S. Finn, CISA, CISM, CRISC, Health IT Officer, Symantec
Today, security in healthcare is as much about demonstrating you are compliant as it is about actually being secure. That creates additional burden not only on IT but also on Compliance, Auditors (Internal and External) and HIPAA. Complicating things even further is the fact that healthcare, while highly regulated (PCI, SOX, HIPAA, HITECH, ISO requirements, State privacy laws and more), has not, historically, adopted standard security frameworks such as ITIL, NIST or COBIT. Many of these standard frameworks, while effective, don't always "fit" into healthcare. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF). HITRUST's CSF is a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Now, Symantec has incorporated HITRUST's CSF into their Control Compliance Suite to not only manage all the regulations that apply to healthcare across your environment but also alert, log and report on your organizational security posture on a custom, real-time basis.
Learning Objectives:
- Understand why a consistent, recognized Security Framework is critical for HIPAA/HITECH compliance and associated audits
- Learn why HITRUST's Common Security Framework is the most appropriate security framework for use in Healthcare
- Recognize and demonstrate the power of combining Symantec's Control Compliance Suite with the HITRUST Common Security Framework