RA for MU and Continuous Monitoring
IT Security Requirements Under the HITECH Act
Lisa Broome, RPMS ISSO
Agenda: Introduction, Threat Identification, Vulnerability Identification, Control Analysis, Risk Mitigation, HIPAA, Questions?
Meaningful use criteria and certification standards are tools to promote health IT.
Privacy and security are incorporated to address risks associated with increasing information sharing, access and use.
IT security is the foundation to build TRUST in health information technology & electronic information exchange.
HITECH Act Requirements
45 CFR 164.308(a)(1)
Resources and Information
Implemented Across IHS Federal/Tribal/Urban Facilities in August 2009
Focus on High Risks by Area
Reporting to HHS
Part of the Quarterly Report to the HHS Secretary
Other vulnerability tests run by OIT/DIS
For Official Use Only
(While it is technically needed to meet the standard, facilities will NOT be required to utilize 2-factor under Stage 1.)
Information Security Team: OITSecurity@ihs.gov
IHS Information Security Web site: http://security.ihs.gov
Contact: Lisa Broome, RPMS ISSO: 505-248-4381 firstname.lastname@example.org