Confluence of HIPAA security audits and increasing attacks from the Internet creates pressure on health care organizations to protect their patient information: http://www.networkworld.com/news/2008/022708-healthcare-cyberattacks.html
The four important questions to ask for any custodian of sensitive information should be:
What information exists on my systems
Where is it located
Who has access
How is it protected
I believe the only way to find out what information exists, cataloguing and classification is a necessity. To find out where it is, the repositories containing information must be scanned, and content then classified based on this scan. To ensure that only users who need access, has access, entitlement management is key. The information that is classified should then be protected.
This cannot be achieved with technology alone. People, Process and Technology all go hand in hand to solve this problem.
How to secure sensitive information, data loss prevention, for sensitive data in corporations and other organizations, (ILP,CLP,DLP). It covers personal identifiable information, personal health information, credit card information, PII, PCI, PHI etc, and how to protect it. All opinions are mine, and not of my employer or any other organization. For terms of use, see first posting.
About Me
Blog Archive
-
▼
2008
(72)
-
▼
March
(8)
- What strategies to follow after you have implement...
- New concerns regarding health care information mis...
- Information loss prevention and operational risk m...
- It has been a busy few days, and for information l...
- Information controlMaybe I should rename the blog ...
- According to a survey by Pursuant, http://www.purs...
- Confluence of HIPAA security audits and increasing...
- Selection Criteria for an ILP solutionHere are the...
-
▼
March
(8)
No comments:
Post a Comment