July 2014 
The NIST Framework for Improving Critical Infrastructure Cybersecurity
Given the enforcement activities, investigations and audits from the Office of Civil Rights and other state and federal government agencies, it should be an urgent priority for every healthcare provider and business associate to fully comply with the HIPAA Security Rule. The NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.0, known as the NIST Cybersecurity Framework, can provide guidance to assess your current state (i.e., a security gap analysis), describe your target state (i.e., full HIPAA compliance and any other needed security controls), and create an organizational support plan to achieve that target state.
The NIST Cybersecurity Framework focuses on developing a risk management process and guides healthcare and other organizations through a five-step process, as well as providing a needed set of security functions (i.e., activities and outcomes). These functions are further broken down into categories, subcategories and informative references. In the end, the Framework outlines a comprehensive set of cybersecurity controls and an approach to organizational cybersecurity risk management.  
Read more about how the NIST Framework may fit into the security program of a typical healthcare organization.
Jeff Bell
IT Security and Risk Services
CareTech Solutions
For an archive of our newsletters, please visit the Resources page on CareTech.com.