ABSTRACT

The most effective and defensible information security program is one that strictly adheres to a disciplined risk management methodology. Legal authorities warn that laws and regulations regarding information protection and privacy will continue to evolve over the next decade. These rules will continue to dictate how firms and government agencies protect and safeguard customer privacy information. The most effective and efficient way to guarantee compliance with these laws and regulations is through the adoption of risk management systems. Such a framework provides a foundational information security management system that leads to compliance and to risk reduction and mitigation.

Many functional areas within an organization practice risk management and deal with its various aspects, including information security, business continuity planning (BCP), disaster recovery planning (DRP), insurance, finance, and internal auditing, to name a few. Risk management is the critical first step leading to a successful and compliant implementation of the HIPAA Security Rule.