The Effect of NIST 800-171A on Government Contractors
November, 2018, Mali Yared, Practice Director, Cyber Risk Advisory & Privacy, Coalfire
NIST 800-171A introduces a standardized opportunity to perform a more structured and granular level of assessment leveraging the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 framework.
HIPAA Complaints, OCR Investigations, and Security Risk Analysis for Healthcare Delivery Organizations – A Common Thread
November, 2018, Rich Curtiss, Principal, Healthcare Risk Assurance Services
Many HIPAA covered entities (CEs) and business associates (BAs) may not be meeting the regulatory mandate as defined in §164.308(a)(1)(ii)(A) of the HIPAA Security Rule. This implementation specification requires that healthcare delivery organizations (HDOs) “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.”