
Presenter Gene Geiger, A-LIGN Partner -HITRUST Practitioner -CPA -CISSP -CCSK -QSA -PCIP -ISO 27K LA.





2 Presenter Gene Geiger, A-LIGN Partner -HITRUST Practitioner -CPA -CISSP -CCSK -QSA -PCIP -ISO 27K LA

3 AGENDA
1. HITRUST Overview
2. Steps to Certification/Compliance
3. Integration with Existing Audits

4 HITRUST Overview
Need for HITRUST
– Increased risk to healthcare data
– Increased use of technology
– Increased concern from consumers
– Lack of standardized certification
– Lack of standard implementation of existing standards

5 HITRUST Overview
What is HITRUST CSF
– Certifiable framework for the healthcare industry
– Based on ISO 27001
– Integrates HIPAA, HITECH, NIST 800-53, ISO 27001, PCI DSS, FTC, COBIT and State Laws
– Tailorable based on the organization

6 HITRUST Overview
Control Framework
1. Identify risks and define protection requirements
2. Specify controls
3. Implement and manage controls
4. Assess and report

7 HITRUST Overview
CSF Components
– Control categories
  Based on ISO 27001 Appendix A
  14 control categories (13 security / 1 privacy)
– Control objectives
  Desired outcome / risk reduction
  46 control objectives
– Implementation requirements
  Prescriptive (required) control statement
  149 implementation requirements

8 HITRUST Overview
Implementation requirements
– Three levels of requirements
– Level 1 is the base level requirement
– Levels 2 and 3 build on each other
– Based on risk:
  Organizational factors
  System factors
  Regulatory factors
– Level 1 meets the HIPAA Security Rule (Addressable and Required)
(Diagram: tiers labelled Level 1, Level 2, Level 3)

9 Certification/Compliance
Scoring of implementation
– Is a policy in place?
– Is there a process or procedures to support the policy?
– Has it been implemented?
– Is it being measured and tested by management to ensure it is operating?
– Are the measured results being managed to ensure corrective actions are taken as needed?

10 Certification/Compliance
Assessment types
– CSF Security Assessment
– CSF Security Assessment + Privacy
– CSF Comprehensive Security Assessment
– Comprehensive Security Assessment + Privacy
– NIST Cyber Security Assessment

11 Certification/Compliance
Assessment methods
– Self Assessment
– Validated Assessment
– SOC 2 Plus HITRUST
– SOC 2 Plus HITRUST Plus HITRUST Certification
(Diagram: the four assessment methods listed above)

12 Certification/Compliance
MyCSF Tool Costs
– Paid directly to HITRUST
– Self Assessment Reports are $2,500
– Validated Assessment Reports range from $3,750-$7,500, based on the organization's annual revenue
– Annual subscription starts at $12,500 for most
  Not required
  Unlimited access
  Results are stored in MyCSF to be used for the following year

13 Integration with Existing Audits
Establish your compliance roadmap
Identify overlap in controls
– HITRUST supplied mapping
– Additional mapping resources
Synchronize audit timing
Consolidate audit evidence
Consolidate audit firms
Save time and money
Reduce audit fatigue

14 Questions? 888.702.5446 | www.A-LIGN.com | info@a-lign.com

