Organizations processing protected health information must determine if current access control mechanisms meet new tougher guidelines from HHS/CMS.

August 1, 2011

FOR IMMEDIATE RELEASE
Media Contact: David Trout, 703.464.7010

Reston, VA, 8/1/2011 – SecureIT, a recognized leader in cybersecurity and risk management, announced the availability of a whitepaper on the Security & Privacy Rules associated with the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA). These regulations require covered entities and their business associates to comply with a series of security and privacy guidelines for Protected Health Information (PHI). A userID and password alone are no longer considered adequate to prevent fraudulent or unauthorized access to private or sensitive information without additional protections.

The paper provides an overview of the HITECH and HIPAA information security and privacy requirements. Additionally, since many healthcare organizations interface to Federal government systems, a brief overview of the Federal Information Security Management Act (FISMA) is also provided. SecureIT developed the paper to provide to examine one specific aspect of these regulations and associated rules --- those pertaining to the factors and requirements for multi-factor authentication. This paper provides insights to aid implementers in determining applicability based on whether the implementer’s organization is one of:

a) Commercial/non-profit organization providing IT services/solutions to another commercial/non-profit organization involving EPHI or otherwise subject to HIPAA
b) Commercial/non-profit organization providing IT services/solutions to a Federal Government agency involving EPHI or otherwise subject to HIPAA
c) Commercial/non-profit organization providing IT services/solutions via a Federal Government grant involving EPHI or otherwise subject to HIPAA

The whitepaper can be obtained from the SecureIT website or by request to info@secureit.com

About SecureIT

SecureIT is a professional and technical services firm focusing on cybersecurity, information assurance and technology risk management. Assisting government agencies, corporations and non-profit organizations, SecureIT enables its clients to identify and manage risks in business processes, technology and contracted services. SecureIT offerings include Cybersecurity, Information Assurance, Governance, Risk & Compliance, IT Audit, and Security Training. Founded in 2001, the company is comprised of experienced and certified cybersecurity, privacy and IT audit professionals that sit on the boards and are active in Washington DC area chapters of information security organizations such as ISACA, ACT-IAC, ISSA and IIA. For more information, call 703.464.7010, email info@secureit.com or visit www.secureit.com.