Security Implementation of Privacy Regulation
This paper is a product of the
GOVERNANCE AND POLICY WORKING GROUP
This paper provides a recommendation for a minimum set of security controls and process tasks to
protect Personal Identifiable Information (PII).
In general, this paper addresses the intent of local and global privacy laws and regulations. The requirements to meet specific privacy laws or regulations should be clearly identified respective to that specific law or regulation.
PROCESS TASKS (Selection of relevant controls, Implementation of relevant controls, Assessment and monitoring of relevant controls)
DATA PROTECTION (Encryption, Access Management)
AVAILABILITY (Minimum data availability, Controls)
SUBJECT RIGHTS (Process controls)
LOGGING (Log configuration, Log entries protection, Log retention, Log analysis)
INCIDENT REPORTING (Data privacy breach incidents reporting)
Scott Franzitta- BSCI Bob Haack- KARL STORZ Endoscopy Elias Nyankojo-Avanos Medical Viola Girgis- Johnson & Johnson
Health-ISAC Oversight: Josh Singletary
Download the whitepaper
Protect personal identifiable information (PII)
NOTE: Health-ISAC is all about increasing cyber and physical resilience in the healthcare sector. We are interested in disseminating actionable content that is in keeping with security thought leadership. In alignment with this statement, we do not require your email to download original content from our website and downloading this paper will not place you on a marketing list.