Skip to main content

Security Implementation of Privacy Regulation

This paper is a product of the

Health-ISAC GOVERNANCE AND POLICY WORKING GROUP

SCOPE STATEMENT:

This paper provides a recommendation for a minimum set of security controls and process tasks to 

protect Personal Identifiable Information (PII).

In general, this paper addresses the intent of local and global privacy laws and regulations. The requirements to meet specific privacy laws or regulations should be clearly identified respective to that specific law or regulation.

Sections include:

PROCESS TASKS (Selection of relevant controls, Implementation of relevant controls, Assessment and monitoring of relevant controls)

DATA PROTECTION (Encryption, Access Management)

AVAILABILITY (Minimum data availability, Controls)

SUBJECT RIGHTS (Process controls)

LOGGING (Log configuration, Log entries protection, Log retention, Log analysis)

INCIDENT REPORTING (Data privacy breach incidents reporting)

Contributors:

Scott Franzitta- BSCI Bob Haack- KARL STORZ Endoscopy Elias Nyankojo-Avanos Medical Viola Girgis- Johnson & Johnson

Health-ISAC Oversight: Josh Singletary

Download the Whitepaper

Protect personal identifiable information (PII)

NOTE: Health-ISAC is all about increasing cyber and physical resilience in the healthcare sector. We are interested in disseminating actionable content that is in keeping with security thought leadership. In alignment with this statement, we do not require your email to download original content from our website and downloading this paper will not place you on a marketing list.

This site is registered on Toolset.com as a development site.