How data privacy frameworks are evolving, and how they can guide risk-based decisions

February 7, 2022

Implementing a framework can be useful, but it requires resources – and healthcare organizations may face challenges gaining consensus over which ones to deploy, said a compliance expert ahead of HIMSS22.

How data privacy frameworks are evolving, and how they can guide risk-based decisions

As the landscape of data privacy rules and risks continue to change and evolve, organizations may consider using a privacy framework to assist in implementing, measuring, and improving their privacy programs.

The NIST Privacy Framework, modeled after the NIST Cybersecurity Framework, contains core functions and controls that can help an organization identify and manage risks to the privacy of data, regardless of the size of the organization, jurisdiction or type of data maintained by the organization.

Although use of a framework is not a substitute for health care organizations' compliance obligations under the HIPAA Rules, use of the NIST Privacy Framework is a good place for organizations to begin reviewing data holistically instead of as segments (e.g. health information, employee information, etc.).

Andrew Mahler, Director of Privacy, Compliance, and Managed Services at CynergisTek, discusses growing number of challenges healthcare organizations related to protecting the privacy of data and ensuring certain rights of patients, members, and consumers.

Read the full article here

Previous Article
KLAS: Evaluating Top Healthcare IoT Security Vendors
KLAS: Evaluating Top Healthcare IoT Security Vendors

KLAS named Medigate, Ordr, and Armis as top healthcare IoT security vendors, all of which can help organiza...

Next Article
CynergisTek is a team of privacy, compliance, IT Audit, and cybersecurity experts dedicated to helping healthcare organizations prepare, reh
CynergisTek is a team of privacy, compliance, IT Audit, and cybersecurity experts dedicated to helping healthcare organizations prepare, reh

Andrew Mahler, Director of Privacy, Compliance and Managed Services at CynergisTek discusses privacy framew...