For those who are planning to attend the Mitigation Planning Workshops (the first one is this FRIDAY!), the HIPAA/NIST SP 800-53 Security Controls Crosswalk document is now available for download/access from http://www.complyassistant.com/docs/SP800-53Crosswalk.pdf.
You may also want to refer to DRAFT NIST SP 800-53 ( http://csrc.nist.gov/publications/drafts/draft-SP800-53.pdf) to see what security controls you might want to consider to address administrative, physical, and technical Safeguards.
The other document we will be using for the workshops is the HIPAA Security Best Practices, which can be downloaded from http://www.complyassistant.com/docs/BestPractices.pdf.
Look forward to your participation!
Regards,
Barbara McGowin, CPC
Executive Recruiting
HIT Recruiting
(843) 824-8537
mcgowins@...
Connecting Healthcare Organizations with People,
Products and Services to Achieve HIPAA Compliance.
Rob Collins <rycollins@...> wrote:
Blass Consulting LLC, HIT Recruiting, and Rob Collins, Director – Healthcare Consulting, Data Warehouse Network USA will host a series of free audio workshops on HIPAA Security Mitigation Planning using the attached working document.
Mitigation Planning Workshop #1
Administrative Safeguards (45 CFR Section 164.308)
When: Friday, September 10, 2004 11:00 AM Eastern Time
Where: Dial-in only
Telephone number (712) 580-0100
Access code: 959488# (no registration required)
Mitigation Planning Workshop #2
Physical Safeguards (45 CFR Section 164.310)
When: Friday, September 17, 2004 11:00 AM Eastern Time
Where: Dial-in only
Telephone number (712) 580-0100
Access code: 959488# (no registration required)
Mitigation Planning Workshop #3
Technical Safeguards (45 CFR Section 164.312)
When: Friday, September 24, 2004 11:00 AM Eastern Time
Where: Dial-in only
Telephone number (712) 580-0100
Access code: 959488# (no registration required)
Link to the document: http://www.complyassistant.com/docs/BestPractices.pdf
Background
For a recent HIPAA security gap assessment, the client included a requirement that we ensure the proposed remediation plan will bring them into compliance with the HIPAA Security Standards. An interesting challenge. Skipping past the obvious responses, decided the best approach was to develop a "best practices" document as a means to corroborate that our proposed remediation plan was based on common industry and government security guidelines, processes and procedures. The resulting document was based on NIST Guidance for HIPAA Implementation (DRAFT NIST SP 800-66), supplemented by common security practices and a crosswalk of the HIPAA Administrative, Physical, and Technical Safeguards to NIST recommended security controls (DRAFT NIST SP 800-53). This is one approach; others in the HIPAA community may have chosen a different approach.
Realizing that this document is a first cut at drafting a "Best Practice" guideline, sent the document to Barbara McGowin asking for her input on 1) sanity check, 2) content review, and 3) how to solicit input from the HIPAA community.
After reviewing the document, Barbara asked me to develop a mitigation planning tool to assist CEs and business associates in their mitigation work plan development for 45 CFR Sections 164.308, 164.310, and 164.312. In response to this request, developed the "working" document that is available via the link shown above. For each of the sections, have provided:
The actual verbiage from the HIPAA Security Rule
The recommended NIST publications for each 45 CFR Section (based on DRAFT NIST SP 800-66)
Common security practices
Crosswalk of NIST management, operational, and technical security controls (taken from DRAFT NIST SP 800-53). Am publishing the crosswalk as a separate document.
In order to make this Mitigation Planning Tool useful to the Health Care Industry, would appreciate your input. You may send any suggestions or comments to me directly via email. You are also invited to participate in the Mitigation Planning Workshops (dates, time, dial-in phone number and access code provided above). Upon completion of the workshops the document will be updated with your suggestions and provided freely to all via the ShareHIPAA group. It will also be made available from the Free Tools section of www.complyassistant.com
Thanks in advance for your welcomed input.
Rob
Rob Collins
Director, Healthcare Consulting, Data Warehouse Network USA
Phone: (732) 282-1931
email: rycollins@...