
home \| contact

Insight Home

The Basics

Policies and Procedures

Regulations and Standards

Regulations and standards are those forces often outside your organization that directly affect your security program. This can be due to government regulation or community accepted standards that drive your information.

Countermeasures

Attack Techniques

Tools

Exploits

Healthcare Data

by Mary Gail Manes

Understanding our information assets and classifying them into risk-based "buckets" is something we all know we should do, but rarely get around to doing. Government regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act of 1999 (GLB) require that companies implement measures to protect the privacy of individual health and financial information. The legislation requires a risk-based approach which implies (or directly states) that the organization must classify its information assets based on value and risk and then implement appropriate protection measures. This presentation was prepared for the Georgia Healthcare Information and Management Systems Society (HIMSS) Fall Conference and presents an overview of Data Classification and a practical approach for accomplishing the task.

More...

The Information Security Organization's Identity Crisis - Mary Gail Manes
Data Classification and Data Inventory - What's the Difference? - Dave Fentress
What Can a Data Classification Program do for Healthcare Companies? - Dave Fentress
Health Insurance Portability and Accountability Act (HIPAA) Southeast Survey Results - Itillious, Inc.

Home	Services	Partners	About Us	Contact Us
Š2001-2003 by Itillious, Inc. All Rights Reserved. Privacy Policy