SANS InfoSec Reading Room - HIPAA

<<Reading Room Home
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

FireEye

Featuring 11 papers as of May 23, 2013
PDF Incident Handling in the Healthcare Cloud: Liquid Data and the Need for Adaptive Patient Consent Management
By: Barbara Filkins (posted on October 18, 2012)
The increasing use of electronic health record (EHR) systems, health information exchange (HIE) networks, and cloud computing significantly increases the exposure of sensitive medical information to loss of confidentiality, integrity, and availability due to data-related attacks, such as medical identity theft or insider threats (Ponemon Institute, 2011).
PDF Risk Analysis for HIPAA Compliancy
By: Chris Ralph (posted on March 9, 2005)
This document describes the policy and procedure established by a small hospital, GIAC Health, for meeting the Risk Analysis Administrative Safeguard requirement for HIPAA compliancy.
PDF Security Awareness and Training: Security Reminders
By: Kevin Sackett (posted on January 17, 2005)
Although an organization may have the means to purchase the best firewall technology, deploy the hardest encryption standards, and implement multi-factor authentication schemes, it still needs the complement of enlightened workforce members who understand what measures they can take to help reduce security risks.
PDF A Small Business Search for HIPAA Compliant E-mail Security
By: Dayle Alsbury (posted on July 25, 2004)
This case study is of a small insurance business providing both health and non-health related products which are separated by divisions. HIPAA regulations impact approximately half of the user base in the business.
PDF Developing & Implementing an Information Security Policy and Standard Framework
By: Peni Smith (posted on June 9, 2004)
Attacks against computers, in both home and business environments, have grown steadily over the past several years.
PDF The Shift to Security Implementation in a HealthCare facility
By: Sean Mulch (posted on June 8, 2004)
There are a number of challenges presented to healthcare facilities as they begin the shift to implementing Information Security. One of these is that they have often been among the first to adopt new technologies.
PDF Disaster Recovery in Healthcare Organizations: The Impact of HIPAA Security
By: James C. Murphy (posted on March 4, 2004)
Healthcare organizations are facing increasing regulatory burdens, and the latest to demand response is HIPAA Security. One major aspect of HIPAA Security is the disaster recovery plan, which seeks to restore appropriate access to information after a major calamity.
PDF HIPAA-compliant configuration guidelines for Information Security in a Medical Center environment
By: Robert Grenert (posted on October 31, 2003)
This paper will show that information security is an on-going project and encompasses more than just a few pieces of hardware plugged into a network.
PDF Case Study in Implementing Security for HIPAA Privacy Compliance
By: Ellen Robinson (posted on October 31, 2003)
The Health Insurance Portability and Accountability Act of 1996, otherwise known as HIPAA, set forth new standards for the privacy and security of protected health information (PHI).
PDF Getting Started: The Impacts of Privacy and Security Under HIPAA - A Case Study
By: Barbara Filkins (posted on October 31, 2003)
The paper describes how the Agency established an on-going, cost-effective security program integrated with current Agency business practices.
PDF HIPAA Security Compliance Project - Identification of Logging and Auditing Requirements
By: Kurt Patti (posted on October 31, 2003)
This discussion will outline a project "plan of attack" for a covered entity to identify and address the electronic logging and auditing requirements within the Final HIPAA Security Rule.
SANS Reading Room

Opened my eyes to things that I thought I already knew, and I'm already learning new material on day 1
-Anthony Fischer, Front Porch, Inc.

SANS Capital City 2013 - Washington

Latest Whitepapers

Event Monitoring and Incident Response
By Ryan Boyle

Dead Linux Machines Do Tell Tales
By James Fung

Setting Up a Database Security Logging and Monitoring Program
By Jim Horwath

Latest Tweets

Excellent blog post by @MarkBaggett on pen testing MS SQL vi [...]
May 22, 2013 - 7:39 PM

#appsec "WhatWorks in AppSec: Log Forging" http://t.co/Gsq91O7UAH
May 22, 2013 - 10:00 AM

DFIR Webcast starts in 75 minutes - 50 Shades of Hidden - Di [...]
May 17, 2013 - 3:46 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"It was a great learning experience that helped open my eyes wider. The instructor's knowledge was fantastic."
- Manuja Wikesekera, Melbourne Cricket Club

"The amount of knowledge conveyed and technical diving by practical hands-on was well balanced."
- Aaron Moore, Maricopa County

"SANS always provides you what you need to become a better security professional at the right price."
- Rasik Vekaria, BP