Information Security Blog

Ethical Hacker Roundup – HIPAA On The Move

These Healthcare IT Security links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security related articles that we’ve read over and thought worth sharing from the past week.  Beneath each title is a short snippet that caught our attention.

The series is published on Fridays and we are open to your link suggestions. If you would like to submit an article, reach out to us through email.

Please also follow us on Twitter @pivotpointsec to see more articles in real time as they are shared.

We hope you enjoy the series.

We chose the title HIPAA on the Move because the links speak about mobile device security and subpoenas.  We thought it was a nice play on words.

Mobile Device Security Tips for 2012

The article speaks about mobile devices (iPads, iPhones, etc.) in relation to Healthcare IT Security. Terrell Herzig is the Information Security Officer at UAB Health System. Terrell provides good insight for Healthcare organizations beginning to dig into their mobile device security.

Most people don’t understand the ramifications of a lost or stolen device or how to get the most out of their devices. And they think that their organization’s IT department or the manufacturer has already built the security into the device and its support structure.

Preventing a HIPAA Violation in 2012

We thought these statistics were extremely interesting. The top three healthcare specialties that are using mobile devices most frequently are ER physicians, Cardiologists and Urologists and Nephrologists. However, 49% of physicians take no security precautions with their mobile devices. Does this mean the Healthcare provider has not implemented controls, that appropriate security awareness training has not been implemented, or that the physicians themselves do not feel that securing their mobile devices is important enough?

Another way to protect sensitive data is to have it removed from devices before being transferred from a healthcare facility.

How do you know your HIPAA hosting provider is credible? Ask them if they’re willing to sign a business associate agreement, or BAA, which is a contract that clearly outlines each party’s responsibility when it comes to data protection.

Do Subpoenas Trump HIPAA or Trample Security of PHI?

As a Healthcare provider, do you have a procedure in place for handling a subpoena for Electronic Health Records? Is the procedure well documented? This article talks about documentation at a high level and it is done in a very clear way.

you need to have documented procedures in place, and consistently followed throughout the organization, to deal with this type of situation

Mobile Security – Android vs. iOS

As an Information Security Assurance company, we use a variety of mobile devices: Android, iPhone, BlackBerry, iPad. What we found interesting in the infographic was how they explained the application distribution process as it relates to security, and also the weaknesses of each platform.



About the Author:

Marketing Manager at Pivot Point Security