HCISPP

Course
Time
5 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:00
Hello again and welcome to the H C I s P p certification course with Sai Buri
00:06
awareness of her party requirements.
00:09
My name is Shalane Hutchins in on your instructor.
00:15
In this video, we're gonna cover information flow mapping and scope,
00:20
data classification,
00:22
privacy and security requirements
00:26
and risks associated with third parties.
00:32
The world in which health care entities operate today
00:36
requires information sherry to coordinate care and provide enhanced offerings to individuals.
00:43
Security professionals are paramount to helping toe identify risks in the full of information
00:50
where it starts, where it travels, where it is stored and how it's used.
00:57
Information. Security professionals can identify risks associated with various technologies and make recommendations on minimizing the risk to the data.
01:11
To be able to correctly assess risks surrounding the data, it is important that the primary entity understands the value of its data.
01:21
It would seem easy to declare that all information is sensitive,
01:25
but a solid data classification system can help to make decisions that can influence decisions about how to protect the processing, transmission and storage of the data.
01:37
As an example, simple names and addresses of patients may be protected at a different level, than a database of patients with identified mental illnesses.
01:51
Privacy is really the what in this question, it dictates what needs to be protected.
01:57
Sensitivity in value of the data play an important role,
02:01
as discussed earlier. Matt all data is created equal.
02:07
Some elements are more valuable than others, while others offer value. When combined with additional data elements,
02:15
it is important to consider the rights of the data owner when a primary entity interest into a relationship with a third party.
02:23
For example, if the data belongs to patients, what risks are introduced to the data by entrusting it to a third party?
02:34
Security is the how
02:37
it goes hand in hand with the privacy because it determines what protections need to be in place to guard data based on its sensitivity and value as well as the risk of exposure.
02:54
It is the primary entities responsibility to perform due diligence to determine the level of risk
03:00
introduced by a fender.
03:02
This activity should occur not only prior to engaging in a relationship with the vendor,
03:08
but also throughout the duration of the contract, especially because technology, business processes and regulations continue to evolve over time.
03:20
The risk assessment should take into account
03:23
the nature of the work performed by the vendor,
03:27
the amount of sensitive data that will be handled,
03:30
the frequency of the contact with the data
03:34
and the criticality of the vendor to the primary entities business operations.
03:39
During the course of the vendor relationship,
03:42
it is important for the primary entity to oversee and assess the controls that the vendor has implemented.
03:50
A primary entity has to determine how much oversight is Thea appropriate amount.
03:55
For example,
03:57
if the vendor invests in audits like a stock to Type two and certifications like ice, so that appeared to provide a high level of confidence in its control environment, the primary entity may be able to place more reliance on assessments performed by external entities. Yet
04:16
it's always a good practice toe. Ask questions specific to the business relationship and to inspect facilities where work is being performed. For example, when I was in Victor Risk management role, I had the experience of performing on site assessment of a vendor
04:34
who didn't really have a physical location.
04:39
We ended up conducting the assessment in a hotel conference room,
04:44
so, needless to say,
04:46
that relationship ended up changing.
04:51
It's time for another Malik check.
04:56
Information flow mapping includes all except
05:00
a
05:01
what elements are included in the data
05:04
B where the data is stored.
05:09
See how the data is used
05:12
or d where the data starts.
05:21
The answer is a what elements are included.
05:30
True or false, privacy is how data needs to be protected,
05:34
and security is what data needs to be protected.
05:46
That answer is false. Privacy is what data needs to be protected, and security is the how the data needs to be protected.
05:57
In summary, we've covered information flow, mapping and scope,
06:01
data classification,
06:03
privacy and security requirements and risks associated with third parties.
06:10
Thank you for taking this journey with me.
06:13
Please continue to leverage the supplemental materials as you prepare for your exam.
06:18
I wish you much success in achieving your certification.

HCISPP

The HCISSP certification course provides students with the knowledge and skills to successfully pass the certification test needed to become a healthcare information security and privacy practitioner. The course covers all seven domains included on the exam.

Instructed By

Instructor Profile Image
Schlaine Hutchins
Director, Information Security / Security Officer
Instructor