Share these talks and lectures with your colleaguesInvite colleagues
Healthcare cyber security and HIPAA assurance with business associates
The paper first summaries how the Health Insurance Portability and Accountability Act (HIPAA) regulations have evolved over the past twenty years and the multitude of cyber security threats faced by the healthcare industry. Secondly, it reviews the HIPAA responsibilities, liabilities and lack of clarity for covered entities and their business associates in providing one another assurance of compliance. Thirdly, it seeks to illuminate the state of HIPAA compliance in today’s healthcare landscape and finally explains the current industry approaches to HIPAA assurance and their perceived value.
The full article is available to institutions that have subscribed to the journal.
Janice Ahlstrom FHIMSS, CPHIMS, CCSFP, RN, BSN, is a director with Baker Tilly. She has more than 38 years’ healthcare experience and provides leadership for the delivery of healthcare risk, compliance and technology solutions. Janice works with healthcare clients regarding internal audit, HIPAA Security and Privacy Rule assessments, SOC1/SOC2 audits and NIST technology risk assessment. Janice’s experience includes healthcare technology and business strategy development, electronic health record systems selection, implementation and management. Additionally, she has years of experience in lean business process redesign with systems implementation. Janice’s career spans a breadth of organisations — assisting premier healthcare providers, payers, senior service, pharmacy benefit organisations across the US to assess risk, improve operations and aligning technology investments to business strategy. In addition to her technology, risk management and management consulting experience, Janice is a registered nurse with 11 years’ clinical practice experience as a nurse manager, educator and staff nurse.
Christopher Tait MBA, CISA, CFSA, CCSK, is a principal with Baker Tilly and has more than 18 years’ experience providing risk management and technology-related consulting and assurance services to financial institutions and healthcare organisations. Chris’s areas of expertise encompass SOC1 and SOC2 examinations, IT auditing, IT assessments, IT operations management, IT strategy development, package systems selection and implementation, business process redesign and custom systems development in a wide variety of environments. His experience includes performing audit and advisory work related to SarbanesOxley (SOX), Model Audit Rule (MAR), Federal Deposit Insurance Corporation Improvement Act (FDICIA) and internal control over financial statements (ICFR). He serves as a leader for SSAE16-SOC 1/SOC2 engagements and provides assistance to clients with compliance requirements such as HIPAA Security Rule, Gramm-Leach-Bliley Act (GLBA), Federal Financial Institutions Examination Council (FFIEC) IT Audit Handbooks and Payment Card Industry Data Security Standard (PCI DSS).
Kenneth Zoline MS, CISSP, is a senior manager in Baker Tilly’s technology risk services practice focusing on cyber security. He has over 20 years’ advisory experience in security and networking, four years of director-level experience developing and managing an information security and risk management programme for SPSS Inc. (now acquired by IBM) and four years of security operations management experience working for IBM global technology services. Additionally, Ken has taught college-level cyber security courses. Ken’s experience encompasses providing control design and compliance consultation for multiple regulations, policies and standards including: FBI for use of Criminal Justice Information Services (CJIS) data, Federal Financial Institutions Examination Council (FFIEC) cyber security requirements, Federal Information Security Management Act (FISMA), NIST Risk Management Framework, Gramm-Leach-Bliley Act (GLBA) security and privacy requirements, HIPAA Security Rule, Internal Revenue Service standards for handling Federal Tax Information (FTI), ISO 27000 security standards, Payment Card Industry (PCI), Data Security Standards (DSS) and Sarbanes-Oxley Act (SOX) Section 404 requirements.