Page 19

Billing_JanFeb15

FEATURE STORY

the resources involved in your operations, and the related risks to your IT functions. This component provides an overview of your particular situation, including asset management, business environment, governance, risk assessment, and risk management strategy.

• PROTECTING THE DATA. This covers the means of controlling access to systems and data, employee awareness and training, data security, information protection processes and procedures, maintenance, and protective technology. An example would be ensuring access to patient-related data is limited to only the staff members who need to see it – and/or only designated segments of it. This can be achieved at least partly through password systems that are rigorously tracked and updated as an employee’s status changes.

• DETECTING ANY BREACHES. To avoid unhappy surprises, develop monitoring systems specific to where and how your data is stored and utilized, and explore methods to trigger alerts if the information has been accessed without authorization. NIST suggests tracking and recording any anomalies.

• RESPONDING TO ANY BREACHES. This refers to developing ways to contain the impacts of any security breach, including putting a plan in place ahead of time to cover communications within your organization and with clients, providing a careful and meticulous analysis of what happened and how, and using this information to improve cybersecurity in the future.

• RECOVERY. These are the steps taken after your immediate response, such as recovering any lost data, and also learning what you can from the incident for better planning in the future, in addition to ongoing communications with those affected by the breach and improving existing security procedures.
As NIST advises, it’s best to have a plan in place and in operation all the time, with procedures that you can instantly implement if a data breach has been detected. You never know when, or in many cases how or why, a breach may occur. Because of the possible negative consequences, it’s critical to take all of the above issues into account so that you can act immediately to minimize the impact.

Although the NIST Framework is a recommendation and not a regulation, all enterprises that hold or transmit sensitive customer data are held to a variety of local, federal, and international regulatory mandates relative to information security. For improved efficiencies, many financial institutions, utilities, healthcare providers, and others that handle high volumes of private information have chosen to outsource their electronic document processing, billing, and distribution solutions to a third-party provider. But how can you be certain that third-party partners are certified in operational excellence and security?

Know Who’s Handling Your Data

Any provider of print and electronic billing solutions should follow the industry standards that are essential for security compliance. Here are the top three standards relevant to processing financial data:

1. STATEMENT ON STANDARDS FOR ATTESTATION ENGAGEMENTS NO. 16 (SSAE 16) CERTIFICATION – SSAE 16 is an accreditation awarded by the American Institute of Certified Public Accountants (AICPA) and ensures that all outsourced documents are handled in a secure, reliable, and stable environment with tight process controls in place. A financial processing service provider that has attained SSAE 16 compliance offers reliable evidence of the following:

THE JOURNAL OF THE HEALTHCARE BILLING AND MANAGEMENT ASSOCIATION

