HIPAA Compliance
The Institute’s Chief Information Security Officer (CISO) works with all covered entities and business associates to ensure compliance is maintained according to HIPAA (Health Insurance Portability and Accountability Act of 1996) regulations, which provide data privacy and security protections for safeguarding medical information.
IT Security Assessment
The goal of a security assessment is to ensure that necessary security controls are integrated into the design and implementation of a project or service. The Institute’s CISO can provide a security assessment that includes documentation outlining any security gaps between the project and/or service and the approved security policies.
IT Security Awareness, Training, and Education
In addition to the required annual training, specialized training can be developed for departments or units upon request. Monthly educational emails are sent to all Institute employees; each topic is relevant to current situations or events, and specific topics may be requested.
IT Security Risk Management
An in-depth vulnerability scan may be requested by a user as a part of the Institute’s IT Security Risk Management program. In addition, this program includes a formal exception process for IT security policies, plans, and procedures.
IT Security Solutions Design
The Institute’s CISO provides security solutions for requested projects or services based on the NIST standards; Institute policies, plans, and procedures; University policies; applicable laws; and the business needs of the user (e.g., recommendations concerning cloud storage for moderate data such as student records, human health records, or intellectual property).
PCI Compliance
The Institute’s CISO validates the compliance of information transferred across the Institute’s networks based on PCI DSS (Payment Card Industry Data Security Standard) regulations by working with each merchant to ensure the proper security controls are in place. Annual on-site assessments are conducted with each merchant to verify full PCI compliance.