http://www.compliancehome.com/ ComplianceHome is one of the Web's largest library of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules & regulation overview, ask the expert, job and search on vendors, solutions & products. http://www.compliancehome.com/images/rsslogo.gif http://www.compliancehome.com/ en-us Wed, 20 Oct 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract12003.html This paper is an attempt to provide some guidelines on how organizations can approach ICD-10 testing. As this paper shows, the task is complex, requiring careful planning and co-ordination among vendors, trading partners and within the organization. The testing for ICD-10 promises to be much more substantial than the testing for NPI and 5010 put together. This is owing to various factors such as: Overarching impact of ICD-10 across process & systems Number of covered entity participants which are involved Current limitations of test environments in healthcare organizations The above can be a hindrance in supporting a full-scale end-to-end testing, they need to be handled carefully. Since ICD codes play a key role in many business processes, it is recommended that thorough testing be done. http://www.compliancehome.com/whitepapers/HIPAA/abstract12003.html Wed, 20 Oct 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract12000.html Penetration Testing should do more than assess the external network for obvious flaws. Discover how enhancing the penetration testing process will ultimately lead to a stronger and more compliant security posture. http://www.compliancehome.com/whitepapers/HIPAA/abstract12000.html Fri, 24 Sep 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract12001.html When the deadlines for ICD-10 implementation were extended to 2013, the health care industry seemed to heave a huge collective sigh of relief. Hospitals, physicians and payers had been united in their requests for extensions, citing the time required for system and process changes to adopt the new standards.1 Equally important to the industry, extensions had also been granted for implementation of the x12 HIPAA 5010 (5010) transaction sets, which were known to be the critical predecessor to ICD-10 success. http://www.compliancehome.com/whitepapers/HIPAA/abstract12001.html Mon, 05 Jul 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11984.html The move away from paper-based medical records systems to electronic medical records (EMR) is rightly viewed as a step towards improving patient outcomes, increasing clinician productivity, and lowering costs. The transition, however, is often hampered by the challenge of providing secure access to patient information, particularly given the increased focus on regulatory compliance. From an IT perspective, the mandate is clear: access to patient information must be not only secure but also fast, convenient, and reliable. Technologies that provide security but frustrate cliniciansby slowing them down or adding steps to their everyday taskswill slow adoption of EMR to a crawl. Likewise, because clinicians are responsible for any changes to medical records made in their name, they will resist adoption unless safeguards are in place to ensure that every EMR change attributed to them was actually made by them. In the U.S., slow adoption can ultimately disqualify a hospital from receiving http://www.compliancehome.com/whitepapers/HIPAA/abstract11984.html Wed, 23 Jun 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11982.html It is difficult for covered entities to evaluate the HIPAA compliance status of the business associates. This questionnaire will help a covered entity to determine the level of understanding of Business associate of HIPAA rule & their compliance status. This PDF file can be sent to Business Associate as PDF file. Business Associate can complete the form, save it and can send it back to the covered entity requesting this form. http://www.compliancehome.com/whitepapers/HIPAA/abstract11982.html Fri, 18 Jun 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11974.html Unix/Linux OS users have passionately embraced either implementing open source privileged identity management solutions (i.e., sudo), commercial solutions that are more user friendly, or not implementing anything at all. Though highly disputed, the fact of the matter is that both solution-types do work and both bring high-value depending upon the IT environment that it is managing. This white paper will illustrate certain positive situations where open source solutions like sudo often work in smaller scale enterprises. However, this white paper will also spotlight red flags that relate to larger companies or companies experiencing significant IT growth. CISOs managing large IT environments, combined with the http://www.compliancehome.com/whitepapers/HIPAA/abstract11974.html Fri, 18 Jun 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11972.html The final privacy rules for securing electronic health care became effective in 2003. These regulations require healthcare companies to develop, implement and document the measures they take to ensure that health information remains secure under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is intended to protect and simplify the exchange of healthcare data nationwide. As of April 2006, all healthcare organizations are required to comply. http://www.compliancehome.com/whitepapers/HIPAA/abstract11972.html Mon, 07 Jun 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11968.html The key benefit of creating a case management methodology is to multiply its effectiveness by replicating it across the organization's patient-facing departments, practices and functions. In this way, your organization can reduce costs, increase quality and streamline its operations. Supported by effective processes, tools and information, case management can be a powerful weapon to achieve quality, efficiency and profitability in your organization. http://www.compliancehome.com/whitepapers/HIPAA/abstract11968.html Mon, 07 Jun 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11966.html With mobile workforce enablement and wireless technologies now being mandated as a critical business priority, IT organizations must rapidly advance to third-generation mobility. Whereas first- and the second-generation mobility technologies were focused on e-mail access and wireless point-solutions, third generation mobility demands an ubiquitous mobile workflow that is seamlessly integrated into existing business processes and backend systems allowing transparent wireless access to all enterprise applications from any network without requiring system modifications or new hardware. At the same time, next-generation mobility demands bulletproof security and effortless compliance with audit trail requirements mandated by Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standards (PCI DSS), and other regulations. http://www.compliancehome.com/whitepapers/HIPAA/abstract11966.html Mon, 07 Jun 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11964.html Over the last 30 years, companies have significantly changed their approach to ensuring that their businesses can continue to run in the event of a catastrophe. In the 1970s, IT departments responsible for companies information-based assets focused on the recovery of the data center and associated networks. By the 1990s, the focus had shifted to business units. The commitment of management became a critical success factor in the development of business continuity plans, as both IT and the business were required to develop those plans. As a result of 9/11, organizations extended business continuity planning to create enterprise-wide plans. Today, executive management is much more involved in ensuring the success of the plans, and the focus has shifted from power, hardware, and software outages to regulatory requirements, business requirements, and non-traditional events such as terrorist attacks. Read this white paper to learn how business continuity and disaster recovery solutions can http://www.compliancehome.com/whitepapers/HIPAA/abstract11964.html Mon, 07 Jun 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11963.html One would think that the enactment of the HIPAA, with its mandates on data security and privacy, would have brought a major shift in the security management practices within the US healthcare. Unfortunately, recent industry reports indicate low levels of regulatory compliance, thus raising security concerns for the US health IT infrastructure. This research develops a regulatory compliance model by drawing insights from the institutional theory literature to identify the key drivers influencing HIPAA compliance, both institutional and market forces (e.g., variability in state-level privacy laws comprehensiveness, interdependency between privacy and security rules, pressure from compliance leaders in the region, compliance officer's functional background, and the consumer concern for privacy). http://www.compliancehome.com/whitepapers/HIPAA/abstract11963.html Tue, 25 May 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11961.html The global economy is pushing businesses in virtually every industry to work faster and smarter. The company that cant respond to a customer need almost immediately is destined to lose out to a more nimble competitor that can meet that need. It comes down to agility how fast a company can adapt to change and respond to demands. This white paper discusses the issues important in designing a process for user-to-user secure file transfer that simultaneously enhances business agility while ensuring that your methods for handling private information adhere to your security and privacy policies. The solution described in this white paper has been chosen by numerous companies in industries that are regulated by Sarbanes-Oxley, HIPAA and other legislation in order to increase their security posture. Read this white paper to learn more http://www.compliancehome.com/whitepapers/HIPAA/abstract11961.html Mon, 17 May 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11949.html There are many commercially available information security tools on the market, many of which can help with HIPAA and HITECH compliance. At a minimum, meeting HIPAA and HITECH compliance requires 4 security solutions. First, a firewall and Intrusion Prevention System (IPS), however most modern IPS devices include firewall functionality as well. Second, a Database Monitoring system (DAM, or DBM) and/or an Application Monitoring system to monitor, protect, and log all access to sensitive data. Third, a Log Management system to store all logs in a secure manner, for audit purposes. Finally, a Security Information & Event Management system (SIEM) to bring all the required event and asset data together, for incident detection, response, and reporting purposes. This document details the specific product functionality that applies specific HIPAA and HITECH requirements. http://www.compliancehome.com/whitepapers/HIPAA/abstract11949.html Mon, 17 May 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11948.html The American Recovery and Reinvestment Act of 2009 became federal law February 17. It includes provisions for heightened enforcement of HIPAA and stiffer penalties for privacy and security violations. It also allocates billions of dollars to invest in the implementation and exchange of health information technology, such as electronic health records (EHR). http://www.compliancehome.com/whitepapers/HIPAA/abstract11948.html Mon, 03 May 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11943.html Two new federal laws, ARRA and the HITECH Act, aim to do what many say HIPAA has failed to do for the past 14 years: force health care facilites to get serious about protecting patient health care records. However, with budget challenges, fragmented policies and lack of security awareness, many institutions are a long way from compliance. The good news is there\'s still time for tech vendors and affected institutions - such as health plans, health care clearinghouses and health care providers, as well as insurance firms, benefits managers and payment systems providers - to get their tools, capabilities and practices in place. http://www.compliancehome.com/whitepapers/HIPAA/abstract11943.html Mon, 03 May 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11937.html Just like wired networks, 802.11 wireless LANs require network policies that are designed, implemented, and enforced to maximize network performance and reduce exposure to the inherent security flaws in 802.11 wireless LANs. The many benefits and expected return on investment of a wireless LAN can be wiped out if a security and management policy is not in place and enforced. This paper is designed to guide network administrators and security managers to design, implement, and enforce wireless LAN security policies that enable every organization to fully reap the benefits of wireless LANs without experiencing undue management pains and security holes. This paper will also cover how organizations can comply with regulatory policies like HIPAA, PCI, GLBA - Safeguards Rule, DoD 8100.2, Sarbanes-Oxley Act etc. http://www.compliancehome.com/whitepapers/HIPAA/abstract11937.html Tue, 13 Apr 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11928.html Many news analysts, scholars, and politicians alike are calling the current times the Healthcare decade. President Obama has supported the above notion with his continued calls for healthcare reform and many other initiatives that have been in and out of the news since he took office. This paper discusses the initiative known as the American Reinvestment and Recovery Act (ARRA), signed into law on February 17, 2009. The specific area of the law that is of interest is the Health Information Technology for Economic and Clinical Health (HITECH) Act. HITECH is called by many the law that gives teeth to Health Insurance Portability and Accountability Act (HIPAA). One of the first steps in lowering healthcare costs while maintaining high quality is to adopt and implement Electronic Medical Record (EMR) systems across the industry. As part of this legislation, the federal government has allocated huge incentives for health organizations that upgrade their current paper-based systems to EMR sy http://www.compliancehome.com/whitepapers/HIPAA/abstract11928.html Tue, 13 Apr 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11926.html The Health Insurance Profitability and Accountability Act (HIPAA) and Payment Card Industry (PCI) regulations are top priorities at Aurora Health Care, and significant time and resources are required to audit and document IT and security policy compliance. Both industry regulations require organizations to secure important systems on their network, those systems containing patient information for HIPAA and those relating to credit card processing for PCI. In this case study, learn how Aurora automated the auditing of their network and systems, documented compliance status and proved due diligence to their auditors. http://www.compliancehome.com/whitepapers/HIPAA/abstract11926.html Tue, 13 Apr 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11925.html The goal of the HIPAA Security Rule is to ensure the protection of electronic healthcare information that may be at risk. However, many healthcare organizations struggle to perform the tasks required for HIPAA compliance, especially if many of those tasks are manual. What's needed is a solution to automate and simplify HIPAA Security Rule compliance; one that can reduce manual efforts and produce consistent results. Download this guide to see how nCircle can help automate and simplify HIPAA compliance. http://www.compliancehome.com/whitepapers/HIPAA/abstract11925.html Fri, 09 Apr 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11920.html Many years ago, the Health Insurance Portability and Accountability Act (HIPAA) promised to overhaul the healthcare industry by, in part, mandating protective measures on sensitive healthcare records. The HIPAA Privacy and Security Rules ended up not having the impact many expected. Years after both rules took effect, data breaches are still occurring. This era may soon come to an end. The Health Information Technology for Economic and Clinical Health Act (a.k.a. HITECH Act) which officially took effect February 18, 2010is going to fundamentally change the way organizations do business in the healthcare industry once and for all. This brief white paper explains what HIPAA and HITECH are and what they mean for your organization. http://www.compliancehome.com/whitepapers/HIPAA/abstract11920.html Fri, 09 Apr 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11917.html Instituting prudent procedures in the ongoing operation of retirement programs is paramount in managing the risks associated with retirement programs; investment risk, expense risk (both investment & plan), fiduciary risk and organization reputation risk. In this litigious and regulatory environment, underscored by increased congressional interest in fees charged to plans, it is clear that plan service providers with complex payment structures, such as revenue sharing arrangements, must be mindful that their acts are causing enormous fiduciary issues and concerns to plan sponsors. http://www.compliancehome.com/whitepapers/HIPAA/abstract11917.html Fri, 09 Apr 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11915.html In an effort to improve business security, compliance and productivity, privilege authorization policies must be redesigned and user permissions more granularly managed. Read this white paper for a discussion on how your enterprise can empower IT to eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and servers using globally proven Privilege Identity Management (PIM) solutions that increase security and compliance without impacting productivity. http://www.compliancehome.com/whitepapers/HIPAA/abstract11915.html Fri, 09 Apr 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11914.html When the U.S. Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996, among the laws many provisions was the establishment of formal regulations designed to protect the confidentiality and security of patient information. In February of 2009, with the passage of the HITECH Act (Health Information Technology for Economic and Clinical Health Act)part of the American Recovery and Reinvestment Actthe U.S. Congress gave teeth to the HIPAA law. The HITECH Act mandates a massive expansion in the exchange of electronic protected health information (ePHI), which means it also broadens the scope of privacy and security protections available under HIPAA. The HITECH Act strengthens these privacy and security standards, expands the scope of accountability, and increases the penalties of HIPAA. HIPAA/HITECH compliance and reporting are now mandatory. http://www.compliancehome.com/whitepapers/HIPAA/abstract11914.html Wed, 31 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11910.html As more and more healthcare providers adopt advanced life-saving digital technologies and administrators seek to ensure compliance with an array of regulations, the demand for secure, reliable, high bandwidth connectivity continues to rise. BCDR, EMR, CPOE, PACS, ERP, RFID, and HIPAA are just a few of the technologies and regulations that are changing the way healthcare is delivered, and helping to save lives. Uncertainty about these regulations and technologies affects systems and practices, but also affects data security and the amount of data that flows between locations in a healthcare organization. For applications such as EHRs, PACS and CPOE bandwidth demands are high, and as more physicians appreciate how these technologies can help improve the quality of care that they deliver to patients, adoption is escalating. http://www.compliancehome.com/whitepapers/HIPAA/abstract11910.html Wed, 31 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11909.html Symantec is Healthcare! Your patients trust you with their lives, let them also trust you with their data. Symantec provides products and services to reduce the challenges Healthcare Providers are having in Storing, Securing and Sharing protected health information in support of the US Governments definition of meaningful use. Symantecs Security and Compliance solution will reduce the risk associated with breaches of Protected Health Information (PHI), proactively protect PHI, train all employees on the proper handling of PHI, per HIPAA and The Joint Commission requirements. Symantecs compliance solution will reduce the organizations overall resources required to comply with the various industry regulations like HIPAA, HITECH, PCI and The Joint Commission. http://www.compliancehome.com/whitepapers/HIPAA/abstract11909.html Sat, 27 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11902.html This whitepaper focuses on email security and retention considerations for the healthcare industry, focusing on the Health Insurance Portability and Accountability Act (HIPAA). It provides detailed information about the HIPAA rules as they relate to email transmission, as well as recommendations on how a healthcare organization can ensure that its messaging infrastructure is compliant with HIPAA. http://www.compliancehome.com/whitepapers/HIPAA/abstract11902.html Sat, 27 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11901.html The American Healthcare system is getting a complete facelift thanks to incentives to adopt Health Information Technology introduced by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Signed into law by President Barack Obama in February 2009, the HITECH Act is part of the American Recovery and Reinvestment Act. It is also part of the broader healthcare reform initiative championed by President Obama. That agenda includes a push for the adoption of interoperable data capture, storage and transmission protocols in healthcare systems. New health information technology is considered to be a vital step in the drive to reduce costs, gain efficiencies, and ultimately to improve patient care. http://www.compliancehome.com/whitepapers/HIPAA/abstract11901.html Sat, 27 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11900.html Healthcare payers and providers are facing two major compliance initiatives over the next couple of years: conversion from the HIPAA 4010 electronic transaction set to the 5010 set and conversion from ICD-9 codesets to ICD-10. These initiatives will impact nearly every core process, system and interface across the industry, and industry costs are expected to be in the billions of dollars. Although healthcare stakeholders are facing 2012 and 2013 regulatory deadlines, few have begun actively planning for conversion. Industry research has shown that many organizations are still in the information gathering phase, trying to assess potential impacts on themselves, their vendors and business partners. http://www.compliancehome.com/whitepapers/HIPAA/abstract11900.html Tue, 23 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11899.html A new privacy regulation in Massachusetts has evoked anxiety for many, but the requirements, which have been referred to as the strictest in the nation, may prove to be no big deal. The legislation differs from other state disclosure bills because it insists that organizations take measures to protect information, as opposed to other guidelines that only require companies alert customers should their data be compromised. A number of experts we spoke with for this ebook, say that for companies already in line with PCI or HIPAA, tweaking their security practices should not be a burden. http://www.compliancehome.com/whitepapers/HIPAA/abstract11899.html Tue, 23 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11898.html The goal of the HIPAA Security Rule is to ensure the protection of electronic healthcare information that may be at risk. However, many healthcare organizations struggle to perform the tasks required for HIPAA compliance, especially if many of those tasks are manual. What's needed is a solution to automate and simplify HIPAA Security Rule compliance; one that can reduce manual efforts and produce consistent results. Download this guide to see how nCircle can help automate and simplify HIPAA compliance. http://www.compliancehome.com/whitepapers/HIPAA/abstract11898.html Tue, 23 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11894.html The security-focused Health Insurance Portability and Accountability Act (HIPAA) federal regulation became effective April 2005, requiring many companies to review the health of their systems that create, receive, transmit or maintain health information. If your company is subject to HIPAA, is it prepared to meet the requirements of the Security Rule? http://www.compliancehome.com/whitepapers/HIPAA/abstract11894.html Tue, 23 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11893.html The security and privacy of Personal Health Records (PHR) has long been a hot button within the healthcare industry. The movement from paper to electronic records was first addressed with HIPAA (The Health Insurance Portability and Accountability Act) in 1996 and continues to be updated with new documents and implementations over time, most recently with the 5010 update. While HIPAA encouraged the use of Electronic Medical Records (EMR), little was done in the way of enforcing these recommendations or to encourage the investment in improving processes and securing patient information. http://www.compliancehome.com/whitepapers/HIPAA/abstract11893.html Tue, 23 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11892.html Among tax cuts and credits, more bailout fund requirements, and restrictions on executive pay packages, the American Recovery and Reinvestment Act of 2009 (ARRA) also includes a section that expands the reach of the Health Insurance Portability and Accountability Act (HIPAA) and introduces the first federally mandated data breach notification requirement. Title XIII of ARRA, also known as the Health Information Technology for Economic and Clinical Health Act (HITECH Act), reserves $22 billion to http://www.compliancehome.com/whitepapers/HIPAA/abstract11892.html Mon, 15 Mar 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11883.html Driven by an accelerated increase in identity theft, consumer fraud, and other personal informationrelated thefts, industry groups and federal and state governments have taken aggressive steps to hold companies and their management accountable for confidential information disclosures. Similarly, enterprises are facing significant challenges in preventing the theft or accidental disclosure of intellectual property (IP) and corporate trade secrets. Ultimately, the challenge of establishing and implementing effective personal information and IP protection solutions falls upon the shoulders of IT management and staff. Securing personally identifiable information (PII) and IP has become a high priority for enterprise management and IT. Read this IDC paper to learn more. http://www.compliancehome.com/whitepapers/HIPAA/abstract11883.html Wed, 24 Feb 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11866.html The continued adoption of electronic medical records, PACS and other health information, systems are becoming an increasingly integral part of the delivery of patient care. With vital patient information residing in electronic health records and images, tolerance for system downtime is approaching zero. In addition, if patient data is lost or corrupted, HIPAA and JCAHO data integrity and data protection requirements could be at risk. Whether you're a local community hospital or national health network, this paper outlines seven key tips that every healthcare organization should consider to protect the availability of healthcare information systems. From reducing human error, to understanding the key differences between high availability and disaster recovery, to selecting the right hardware and storage components, this paper provides an overview of the key steps necessary to ensure the availability and integrity of your healthcare information systems. http://www.compliancehome.com/whitepapers/HIPAA/abstract11866.html Sun, 14 Feb 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11861.html EIU white paper based on global survey of 320 executives on their views of managing risks associated with changing, and global, regulations. http://www.compliancehome.com/whitepapers/HIPAA/abstract11861.html Sun, 14 Feb 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11860.html Properly defining, controlling and monitoring administrative privileges in IT systems continue to be significant challenges for organizations of all sizes. And while in the past, controlling privileged accounts made good business sense, today, it is mandated by regulations such as Sarbanes-Oxley (SOX) Section 404, the Federal and North American Energy Regulations Commission (FERC/NERC), HIPAA 2, and even state level regulations such as the California Information Practice Act and the Massachusetts privacy law 201CMR17. In addition to the increased potential for failing IT security audits, sharing root and other privileged accounts can lead to a significant increase in the risk of fraudulent activities by employees, an even bigger threat to corporate value. http://www.compliancehome.com/whitepapers/HIPAA/abstract11860.html Sun, 14 Feb 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11859.html The continued adoption of electronic medical records, PACS and other health information, systems are becoming an increasingly integral part of the delivery of patient care. With vital patient information residing in electronic health records and images, tolerance for system downtime is approaching zero. In addition, if patient data is lost or corrupted, HIPAA and JCAHO data integrity and data protection requirements could be at risk. Whether you're a local community hospital or national health network, this paper outlines seven key tips that every healthcare organization should consider to protect the availability of healthcare information systems. From reducing human error, to understanding the key differences between high availability and disaster recovery, to selecting the right hardware and storage components, this paper provides an overview of the key steps necessary to ensure the availability and integrity of your healthcare information systems. http://www.compliancehome.com/whitepapers/HIPAA/abstract11859.html Sun, 14 Feb 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11851.html There are a number of steps a healthcare provider must undertake to meet the Technical Safeguards mandated in the Security Rules of Title II (Administrative Simplification) of the Health Insurance Portability and Accountability Act (HIPAA). With EventTracker a healthcare provider can be confident they have the solution in place to help effectively meet audit requirements http://www.compliancehome.com/whitepapers/HIPAA/abstract11851.html Mon, 01 Feb 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11844.html EIU white paper based on global survey of 320 executives on their views of managing risks associated with changing, and global, regulations. http://www.compliancehome.com/whitepapers/HIPAA/abstract11844.html Mon, 01 Feb 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11843.html There are a number of steps a healthcare provider must undertake to meet the Technical Safeguards mandated in the Security Rules of Title II (Administrative Simplification) of the Health Insurance Portability and Accountability Act (HIPAA). With EventTracker a healthcare provider can be confident they have the solution in place to help effectively meet audit requirements http://www.compliancehome.com/whitepapers/HIPAA/abstract11843.html Mon, 01 Feb 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11832.html One of the major challenges faced by the enterprise is the re-identification of de-identified data that leads to Data Disclosure. This paper discusses the scenarios which bring the need for de-identification of data and what leads to the data disclosure of such deidentified data .The paper aims to share insights that help Data Custodians in an enterprise, Security Auditor, Risk and Compliance Group, Data Security Subject Matter Expert and the curious minds of the database world. http://www.compliancehome.com/whitepapers/HIPAA/abstract11832.html Fri, 22 Jan 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11831.html Microsoft Exchange Server, one of the most important production systems in many organizations, is a system consisting of many moving parts that need thorough and secure maintenance. In most companies, groups of two or significantly more IT professionals manage the E-mail infrastructure configuration and without detailed auditing of who did what, where, and when, it is not be possible to detect inadvertent or unauthorized changes to private E-mails with sensitive financial information. The white paper describes different approaches to regular and consistent auditing of changes to Exchange server configuration and permissions. http://www.compliancehome.com/whitepapers/HIPAA/abstract11831.html Fri, 22 Jan 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11830.html Failure to maintain change documentation for managed servers is one of the worst things IT professionals can do. Even minor server reconfigurations can potentially impact users and cause major disruptions to business processes. Every time a change is made it must be properly documented for compliance purposes and communicated to all team members to ensure manageability. This white paper outlines major challenges related to management of changes in server configurations and summarizes possible solutions. http://www.compliancehome.com/whitepapers/HIPAA/abstract11830.html Fri, 22 Jan 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11829.html Database servers are typically managed by DBAs, but as long as they support line of business applications, such as CRM and ERP systems, they are frequently touched by application administrators, who change settings, database structure, and perform other tasks DBAs may not be aware of, bringing the question of auditing and compliance to the table for many organizations relying on database servers. This white paper describes the importance of auditing in MS SQL Server environments and suggests different ways of implementation. http://www.compliancehome.com/whitepapers/HIPAA/abstract11829.html Fri, 22 Jan 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11828.html Change auditing is one of the key processes that must be implemented in Active Directory in order to get control of changes done by multiple IT administrators, thus protecting sensitive financial information. One single change can put an entire organization at risk, introducing security breaches and compliance issues. Therefore 100% of changes must be tracked and carefully reviewed for possible violations. This white paper describes different approaches to change auditing in Active Directory, talks about their pros and cons. http://www.compliancehome.com/whitepapers/HIPAA/abstract11828.html Fri, 22 Jan 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11827.html Windows Group Policy controls essential security and operational aspects of most enterprises that rely on Microsoft-based infrastructure. Without fine-grained auditing of Group Policy, IT departments risk missing major changes that can adversely impact security and business continuity. This white paper describes the topic of auditing in detail and introduces several technologies that can help to overcome the challenge. http://www.compliancehome.com/whitepapers/HIPAA/abstract11827.html Fri, 22 Jan 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11826.html Password expiration is a well-known pain for IT help desk personnel. Requests to reset expired passwords can build up to a sizable portion of the total help desk workload, costing both time and money. This whitepaper describes how to prevent password expiration issues proactively. http://www.compliancehome.com/whitepapers/HIPAA/abstract11826.html Fri, 22 Jan 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11825.html Virtualization brings great advantages to all organizations, but just like any other infrastructural component, it must be properly secured and audited for increased control of sensitive data and compliance. This white paper gives an overview of auditing in virtualization environments, such as VMware Virtual Center and Microsoft System Center Virtual Machine Manager, and introduces several auditing solutions. RE http://www.compliancehome.com/whitepapers/HIPAA/abstract11825.html Fri, 22 Jan 2010 00:00:00 CST http://www.compliancehome.com/whitepapers/HIPAA/abstract11824.html On the one hand, account lockouts provide a good base for implementing secure password policies and protecting private data. On the other hand, they cause a lot of burden to the IT help desk. The white paper covers the account lockout management process and introduces new cost-effective workflows of account lockout resolution, describing what significant ROI enterprises can achieve through the use of the automated management solutions. http://www.compliancehome.com/whitepapers/HIPAA/abstract11824.html