HEALTHCARE SECURITY FORUM: A HIMSS EVENT
Boston, MA - September 11 - 13, 2017
The HIPAA Security Rule requires health care organizations to perform a risk analysis, and the final guidance from the OCR specifies that the scope of the risk analysis must include e-PHI in all forms of electronic media.
To include all your e-PHI, you’ve got to know where it lives, and to know that you’ve got to map it.
This requirement to map your data is more than just a compliance issue. It makes good sense for risk management. Once you’ve mapped the data and know where the most valuable data resides and which systems process the most data, you can develop a strategy that prioritizes risk and ties the data to the most appropriate security controls
In this session, learn how Intermountain Healthcare performs ongoing risk analysis, collects and processes risk information, and uses a data dictionary to prioritize risk mitigation efforts.