Security Implementation of Privacy Regulation
This paper is a product of the
Health-ISAC GOVERNANCE AND POLICY WORKING GROUP
SCOPE STATEMENT:
This paper provides a recommendation for a minimum set of security controls and process tasks to
protect Personal Identifiable Information (PII).
In general, this paper addresses the intent of local and global privacy laws and regulations. The requirements to meet specific privacy laws or regulations should be clearly identified respective to that specific law or regulation.
Sections include:
PROCESS TASKS (Selection of relevant controls, Implementation of relevant controls, Assessment and monitoring of relevant controls)
DATA PROTECTION (Encryption, Access Management)
AVAILABILITY (Minimum data availability, Controls)
SUBJECT RIGHTS (Process controls)
LOGGING (Log configuration, Log entries protection, Log retention, Log analysis)
INCIDENT REPORTING (Data privacy breach incidents reporting)
Contributors:
Scott Franzitta- BSCI Bob Haack- KARL STORZ Endoscopy Elias Nyankojo-Avanos Medical Viola Girgis- Johnson & Johnson
Health-ISAC Oversight: Josh Singletary
Download the Whitepaper
Protect personal identifiable information (PII)
NOTE: Health-ISAC is all about increasing cyber and physical resilience in the healthcare sector. We are interested in disseminating actionable content that is in keeping with security thought leadership. In alignment with this statement, we do not require your email to download original content from our website and downloading this paper will not place you on a marketing list.
- Related Resources & News
- Health-ISAC Hacking Healthcare 10-15-2024
- Health-ISAC Welcomes Booz Allen Hamilton to the Ambassador Program
- Health-ISAC Hacking Healthcare 10-9-2024
- Monthly Newsletter – October 2024
- Health ISAC leads effort to transform SBOM information sharing under CISA-facilitated community work
- CyberEdBoard Insights: Phil Englert and Errol Weiss
- Health-ISAC Hacking Healthcare 9-10-2024
- Strengthening Healthcare Cybersecurity: Lessons from Recent Supplier Attacks
- Specialize in Securing Critical Infrastructure
- How AI is transforming cybersecurity, on defense and offense