Security Implementation of Privacy Regulation

This paper is a product of the



This paper provides a recommendation for a minimum set of security controls and process tasks to 

protect Personal Identifiable Information (PII).

In general, this paper addresses the intent of local and global privacy laws and regulations. The requirements to meet specific privacy laws or regulations should be clearly identified respective to that specific law or regulation.


Sections include:

          PROCESS TASKS (Selection of relevant controls, Implementation of relevant controls, Assessment and monitoring of relevant controls)

          DATA PROTECTION (Encryption, Access Management)

          AVAILABILITY (Minimum data availability, Controls)

          SUBJECT RIGHTS (Process controls)

          LOGGING (Log configuration, Log entries protection, Log retention, Log analysis)

          INCIDENT REPORTING (Data privacy breach incidents reporting)


Scott Franzitta- BSCI          Bob Haack- KARL STORZ Endoscopy          Elias Nyankojo-Avanos Medical          Viola Girgis- Johnson & Johnson

Health-ISAC Oversight: Josh Singletary




Download the Whitepaper

Protect personal identifiable information (PII)

NOTE: Health-ISAC is all about increasing cyber and physical resilience in the healthcare sector. We are interested in disseminating actionable content that is in keeping with security thought leadership. In alignment with this statement, we do not require your email to download original content from our website and downloading this paper will not place you on a marketing list.

Translate »