Susan Ramsey and Anurag Shankar are presenting the talk "HIPAA and FISMA: Computing with Regulated Data" on April 24th at 11 a.m. Eastern.
With cyberattacks and breaches on the rise, there is increasing pressure on federally funded scientific and academic institutions to protect regulated data. This includes individually identifiable health information protected by the Health Insurance Portability and Accountability Act (HIPAA), and data collected or processed on behalf of the government, which is subject to the Federal Information Security Modernization Act (FISMA). Each comes with its own set of cybersecurity requirements, spanning physical, administrative, and technical controls, to be applied using a risk-centric approach. FISMA specifies the risk methodology to use, namely the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), but still provides considerable latitude in how it is deployed. HIPAA leaves the choice of methodology entirely to the practitioner. Both regulations also allow organizations to tailor implementation to their size, budget, and risk tolerance.

This flexibility is valuable, but it comes at a cost. Without prescriptive checklists and tools from the government, interpreting the regulations can be a nightmare, especially for the newly initiated. Commercial expertise comes at a premium and may be out of reach on a limited budget.

Fortunately, the news is not all bad. Cybersecurity in the scientific and academic community has improved greatly in recent years, and a majority of the required controls are typically already in place. The remaining obstacles are generally policies and procedures, risk assessment, mitigation, and, most of all, documentation. These take time and effort, but most of that effort is confined to the initial implementation, and it yields considerable gains in both security and efficiency. To illustrate this, the webinar will feature two institutions, the National Center for Atmospheric Research (NCAR) and Indiana University (IU), which will share how they faced and overcame the FISMA and HIPAA challenges in their research computing environments, and what they gained by doing so. The webinar will also cover the basics of HIPAA and FISMA, the NIST RMF, and how the RMF can be applied to HIPAA, FISMA, and other types of cyber compliance. More information about this presentation is on the event page.
Presentations are recorded and include time for questions with the audience.
Join CTSC's discuss mailing list for information about upcoming events. To submit topics or requests to present, contact us here. Archived presentations are available on our site under "Past Events."