« HHS 2017 & 2016 HIPAA CMPs | Main | State Laws, Breach Notification & the Protection of Personal Data »

August 11, 2017

The NIST Assessment Criticality Model!

The notion of "Criticality Analysis" is NOT foreign to the HIPAA Security Rule ("SR"). The SR addresses (in part) this requirement as part of the implementation specifications for the Contingency Standard in the Administrative Safeguards: 164-308(a)(7)(ii)(E); which states "Assess the relative criticality of specific applications and data in support of other contingency plan components.

http://www.hipaasurvivalguide.com/hipaa-regulations/164-308.php#a-7-ii-e

However, what NIST is recommending  (currently in draft form) is much broader than just "Applications." Its model discusses (paraphrasing): systems, sub-systems, systems of systems, supply chains, etc. etc. and appears to introduce a concept long missing from the SR which is addressing "single points of failure." The SR "gets at" this concept in a roundabout way but not directly. NIST continues to be a super valuable resource and is a good example of your tax dollars at work!

 

FREE WEBINAR
 
Description:
This webinar will discuss how to quickly determine the state of your HIPAA compliance initiative ("HCI") in preparation for an HHS Audit or Lawsuit.
  
Date and Time, including Time Zone 
August 24, 2017 2:00 EST

Posted at 11:07 AM |

Comments

The comments to this entry are closed.

My Photo

About

NEWSLETTER


  • ACO COMPLIANCE NEWSLETTER

    Join My ACO Mailing List

  • Email Newsletter icon, E-mail Newsletter icon, Email List icon, E-mail List icon
    Sign up for a FREE
    HITECH / HIPAA
    Compliance Newsletter

    Enter your email address

Categories

CC

Tools

  • Google Analytics

Essays and Such

  • HIPAA Survival Guide (PDF)
    Read the HSG in PDF format.
  • HIPAA Survival Guide (online)
    Practical advice for health care practitioners.

  • Search, KM & the Practice of Law

  • Silicon Stories eBook

  • Dirty Little Secret

  • Competitive Advantage

  • Process Patterns

  • Movie Making and Software Development

  • The Missing Factory

  • Architecture: Shack, House or Skyscraper?

  • The Talent Wars

  • Knowledge Management and Infotainment

  • What comes after what comes next?

February 2019

Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28    

Archives

More...