Implementing Information Security in Healthcare: Building a Security Program offers a critical and comprehensive look at healthcare security concerns in an era of powerful computer technology, increased mobility, and complex regulations designed to protect personal information. Featuring perspectives from more than two dozen security experts, the book explores the tools and policies healthcare organizations need to build an effective and compliant security program.
Topics include information security frameworks, risk analysis, senior management oversight and involvement, regulations, security policy development, access control, network security, encryption, mobile device management, disaster recovery, and more. Information security is a concept that has never been more important to healthcare as it is today. Special features include appendices outlining potential impacts of security objectives, technical security features by regulatory bodies (FISMA, HIPAA, PCI DSS and ISO 27000), common technical security features, and a sample risk rating chart.
Table of Contents
A Tribute to Terrell W. Herzig, Chapter 1: The Importance of Information Security in Healthcare, Chapter 2: Information Security Frameworks, Chapter 3: Information Security Planning, Chapter 4: Risk Analysis, Chapter 5: Senior Management Oversight and Involvement, Chapter 6: Information Security Regulations, Chapter 7: Security Policy Development, Chapter 8: The Concept of Security Controls Chapter 9: Access Control, Chapter 10: Network Security, Chapter 11: Use of Encryption, Chapter 12: Managing Mobile Devices, Chapter 13: Application Security, Chapter 14: Information Security Operations, Chapter 15: Security Considerations in Technology Contracting, Chapter 16: Business Continuity and Disaster Recovery, Chapter 17: Change Control and Change Management, Chapter 18: Testing Your Technical Controls, Chapter 19: Auditing Your Program, Chapter 20: Incident Handling, Chapter 21: Information Systems Implementation
Terrell W. Herzig, MSHI, CISSP, was Information Security Officer of the University of Alabama at Birmingham (UAB) Health System, the UAB HIPAA Security Officer, and an adjunct professor of Health Informatics at the UAB. Mr. Herzig taught graduate courses in Information Engineering, Programming, Computer Networks, and Information Security in the UAB School of Health Professions. Tom Walsh, CISSP, has partnered with Brian Evans, CISSP, CISM, CISA, CGEIT, to assist healthcare organizations throughout the country with building regulatory compliant information security programs.