
Defining A Recognized Security Practice And CyberSecurity Safe Harbor | HHS’ Office For Civil Rights Seeks Public Comment On HITECH Act Provisions | A HITRUST Community Story With John Houston And Michael Parisi
05/23/22 • 52 min
The U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. How does it impact cybersecurity and risk management programs? Why do (or should) CISOs care about this? Are we about to throw more money at this problem?
Maybe a smarter question: Is there an opportunity to be smarter?
While all of these questions matter, that final one is the most important. The details of the provisions will only be settled once community feedback comes in. As you listen to this episode, note that there is an opportunity to shape these provisions for the benefit of the overall healthcare ecosystem, moving beyond lowest-common-denominator frameworks, standards, and controls.
John Houston and Michael Parisi share their thoughts on the current state of cyber risk management, the opportunity to do more through the RFI and the responses the community may submit, and how John's experience with an advanced, mature risk management program at UPMC can help set the bar for what is possible, not just from a guidance or framework perspective but from a fiscally responsible, scalable, operational one.
Listen in to learn more about the RFI and the role you can have in shaping its outcome.
Not in the healthcare space? You should still pay attention. There's a lot going on in the healthcare sector that other industries can leverage.
Note: This story contains promotional content.
____________________________
Guests
John Houston
Vice President, Information Security and Privacy; Associate Counsel at UPMC [@UPMC]
On Linkedin | https://www.linkedin.com/in/john-houston-5b9915b/
Michael Parisi, VP of Adoption, @HITRUST
____________________________
Catch the webcast and the podcast here: https://itspm.ag/hitrust-hhs-ocr-hitech-rfi
Be sure to visit HITRUST at https://itspm.ag/itsphitweb to learn more about their offering.
____________________________
Resources
Individuals seeking more information about the RFI or how to provide written or electronic comments to OCR should visit the Federal Register to learn more: https://www.federalregister.gov/documents/2022/04/06/2022-07210/considerations-for-implementing-the-health-information-technology-for-economic-and-clinical-health
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity
____________________________
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Previous Episode

How Secure Can An Internet Be? | The SCION Internet Architecture | Redefining CyberSecurity With Researcher Nicola Rustignoli From ETH Zürich
What if we could create the Internet architecture from scratch? You might think that this is a crazy endeavor, but that's exactly what a research team in Zurich, Switzerland, is doing. And for good reason.
In today's episode, we are joined by Nicola Rustignoli, a research assistant at the Network Security Group at ETH Zürich, to take a look at the history of the Internet, its purpose, the challenges it has introduced, and the path forward to an Internet that allows for its intent to be met while maintaining scalability, control, and resiliency. Nicola works on making the Internet more secure and reliable with the SCION Architecture and by helping to start the SCION Foundation.
SCION was born as a research project 11 years ago, from the research question: how secure can an Internet be? There's a lot to learn from this project.
About the SCION Architecture
SCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communication. SCION organizes existing ASes into groups of independent routing planes, called isolation domains, which interconnect to provide global connectivity. Isolation domains provide natural isolation of routing failures and misconfigurations, give endpoints strong control for both inbound and outbound traffic, provide meaningful and enforceable trust, and enable scalable routing updates with high path freshness. As a result, the SCION architecture provides strong resilience and security properties as an intrinsic consequence of its design. Besides high security, SCION also provides a scalable routing infrastructure, and high efficiency for packet forwarding. As a path-based architecture, SCION end hosts learn about available network path segments, and combine them into end-to-end paths that are carried in packet headers. Thanks to embedded cryptographic mechanisms, path construction is constrained to the route policies of ISPs and receivers, offering path choice to all the parties: senders, receivers, and ISPs. This approach enables path-aware communication, an emerging trend in networking. These features also enable multi-path communication, which is an important approach for high availability, rapid failover in case of network failures, increased end-to-end bandwidth, dynamic traffic optimization, and resilience to DDoS attacks.
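As an added illustration of the idea in the paragraph above (this is not SCION's own code, header format, key scheme or MAC construction; the AS names, interface numbers, segment identifiers and keys are constructed for the demo), the toy model below shows why a path-based design lets the sender choose among advertised segments without being able to invent hops: each AS tags the hops it authorizes with a key only it holds, and re-checks the tag when a packet carrying that hop arrives.

```python
"""Toy model of path-based forwarding with per-hop authorization.

Added illustration only (not SCION's code, wire format or MAC construction):
each AS authorizes a hop (ingress -> egress interface) by MACing it with a key
only that AS holds. A host can combine the advertised segments into a path but
cannot alter or invent hops, because every AS on the path re-checks its tag.
"""
import hashlib
import hmac
from dataclasses import dataclass, replace

MAC_LEN = 6  # truncated tag length; an assumption for the toy, not SCION's size


@dataclass(frozen=True)
class HopField:
    asn: str      # AS that authorized this hop
    ingress: int  # interface the packet arrives on (0 = path starts here)
    egress: int   # interface the packet leaves on (0 = path ends here)
    mac: bytes    # tag over (segment id, ingress, egress, previous hop's tag)


class AutonomousSystem:
    def __init__(self, asn: str, key: bytes):
        self.asn = asn
        self._key = key  # stays inside the AS; hosts only ever see the tags

    def _tag(self, seg_id: bytes, ingress: int, egress: int, prev: bytes) -> bytes:
        msg = seg_id + ingress.to_bytes(2, "big") + egress.to_bytes(2, "big") + prev
        return hmac.new(self._key, msg, hashlib.sha256).digest()[:MAC_LEN]

    def authorize_hop(self, seg_id: bytes, ingress: int, egress: int, prev: bytes) -> HopField:
        """Run at segment-construction time; publishes a hop the sender may use."""
        return HopField(self.asn, ingress, egress, self._tag(seg_id, ingress, egress, prev))

    def verify_hop(self, seg_id: bytes, hop: HopField, prev: bytes) -> bool:
        """Run by this AS's border router when a packet carrying `hop` arrives."""
        if hop.asn != self.asn:
            return False
        return hmac.compare_digest(hop.mac, self._tag(seg_id, hop.ingress, hop.egress, prev))


def build_segment(seg_id, hops, registry):
    """hops: [(asn, ingress, egress)] in traversal order. Each tag chains the
    previous hop's tag, so hops cannot be reordered or spliced between segments."""
    fields, prev = [], b""
    for asn, ingress, egress in hops:
        hf = registry[asn].authorize_hop(seg_id, ingress, egress, prev)
        fields.append(hf)
        prev = hf.mac
    return fields


def forward(path, registry):
    """path: [(seg_id, [HopField])] chosen by the sender and carried in the packet.
    Every AS on the path re-checks its own hop field. Returns (delivered, reason)."""
    for seg_id, fields in path:
        prev = b""
        for hop in fields:
            as_ = registry.get(hop.asn)
            if as_ is None or not as_.verify_hop(seg_id, hop, prev):
                return False, f"hop rejected by {hop.asn}"
            prev = hop.mac
    return True, "delivered"


def run_demo():
    # Constructed topology: leaf A -> provider B -> core C, D -> provider E -> leaf F.
    # Keys would be random per AS; derived from the name here so the demo is reproducible.
    registry = {n: AutonomousSystem(n, hashlib.sha256(n.encode()).digest()) for n in "ABCDEF"}
    up = build_segment(b"up-1", [("A", 0, 1), ("B", 2, 3)], registry)
    core = build_segment(b"core-1", [("C", 4, 5), ("D", 6, 7)], registry)
    down = build_segment(b"down-1", [("E", 8, 9), ("F", 10, 0)], registry)
    path = [(b"up-1", up), (b"core-1", core), (b"down-1", down)]

    results = {"valid": forward(path, registry)[0]}

    # Sender rewrites B's egress interface to bypass B's policy: the tag no longer matches.
    tampered = [(b"up-1", [up[0], replace(up[1], egress=99)]), path[1], path[2]]
    results["tampered"] = forward(tampered, registry)[0]

    # Sender splices a hop B authorized for a different segment into up-1: the chain breaks.
    other = build_segment(b"up-2", [("A", 0, 12), ("B", 13, 3)], registry)
    spliced = [(b"up-1", [up[0], other[1]]), path[1], path[2]]
    results["spliced"] = forward(spliced, registry)[0]
    return results


if __name__ == "__main__":
    print(run_demo())
```

The point the toy isolates is that route control and policy enforcement live in the same object: a hop field is usable only if the AS that owns the interfaces issued it, and only in the position it was issued for. Real SCION additionally handles segment direction, expiration and key rotation, none of which the toy models.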
Why a clean-slate design? Why can't we adopt existing solutions? Is it easy to "replace" the Internet?
Listen in to learn more about this exciting program.
____________________________
Guest
Nicola Rustignoli
Research Assistant at ETH Zürich and Founding Engineer at the SCION Association.
On LinkedIn | https://www.linkedin.com/in/nicola-rustignoli-830b7512/
On Twitter | https://twitter.com/Nicorusti
On YouTube | https://www.youtube.com/channel/UCATqViXMlA0cCroLuoJVAGw
____________________________
This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Learn more about SCION: https://scion-architecture.net/
On LinkedIn: https://www.linkedin.com/company/78769571
On Twitter: https://twitter.com/SCIONassociatio
On Facebook: https://www.facebook.com/SCIONinternet
SCION Day 2022 videos: https://scion-architecture.net/pages/scion_day_2022/
"The Complete Guide to SCION" is coming out with Springer Verlag in June 2022. An older version is open access and available on scion-architecture.net
The White House & 50 more countries recently released a Declaration for the Future of Internet: https://www.whitehouse....
Next Episode

I Am A Woman — Resilient, Brave, And Strong | A Conversation With Laura Bell | Living And Breathing Technology With Amina Aggarwal
From finding bugs to pentesting and now a successful woman entrepreneur. Let's listen to her story of building resilience, strength, and believing in herself.
It is said that we carve our own destiny, that we create our own opportunities. This conversation inspires us as a woman to never give up on our dreams.
Laura Bell started out finding bugs and became a pentester. Soon, she identified a problem with how we understand application security and created an education program for the masses to address this need.
It can be daunting to be an entrepreneur in a male-dominated field. But, Laura's grit and resilience created opportunities for others to follow her path.
Listen to this inspiring conversation about being proud of who you are and welcoming yourself as you are.
____________________________
Guests
Laura Bell
Founder and CEO of SafeStack Academy [@safestack]
On LinkedIn | https://www.linkedin.com/in/lauradbell
On Twitter | https://www.twitter.com/lady_nerd
Host
Amina Aggarwal
On ITSPmagazine  👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/amina-aggarwal
____________________________
This Episode's Sponsors
If you'd like to sponsor this or any other podcast episode on ITSPradio, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships
____________________________
Resources
____________________________
For more Living And Breathing Technology Podcast stories visit: https://www.itspmagazine.com/living-and-breathing-technology-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships