Yan has over 14 years of consulting experience in Information Technology and Information Security, specializing in security program development and management, security assessments, and IT audits. Yan has performed and managed numerous security assessment and IT audit projects in the education, government, healthcare, manufacturing, and agriculture sectors. A particular focus recently has been information security in healthcare.
Yan is a founding member of the HITRUST SIG in the Twin Cities, which helps organizations affected by healthcare regulations evaluate and begin implementing the HITRUST Common Security Framework, or CSF. Compliance
While it may seem appealing to take a run at getting through the certification fast, trust me, taking this shortcut is not a good idea, and any perceived savings of time and money will likely come back to haunt you in the future. Going for the low-cost auditor in this case may actually be the most expensive option
READ POST
Compliance
"...I think it’s fair to say that not enough time has passed for us to know the real implication of companies moving EMRs into the cloud."
READ POST
Compliance
Is letting someone know that a patient is not at a particular hospital at a specific time considered Protected Health Information (PHI)?
READ POST
Compliance
The Mayo Clinic recently launched Mayo Clinic Center for Social Media, intended to help train medical practitioners and patients about the use of social media to improve patient care.
READ POST
Compliance
One of the most promising technologies for automatically enforcing compliance with sensitive data handling practices is DLP technology and it is quickly gaining popularity and adoption across many industries.
READ POST
Compliance
Implementation of the above mentioned requirements may warrant creating new or modifying existing policies, implementing new security controls, and providing training for IT staff and other ePHI custodians. Failure to comply with policies and practices may cause the company to be viewed as negligent, triggering significantly higher fines and possible consequences for company leadership.
READ POST
Compliance
One of the common and consistent themes at HIMSS (Healthcare Information and Management Systems Society) this year was achieving "Meaningful Use" requirements.
READ POST
Compliance
In this conclusion of the HITRUST blog series, I would like to discuss some definite opportunities and challenges that HITRUST is likely to face.
READ POST
Compliance
As a continuation of the HITRUST blog series, in this post I would like to explore the concept of certification, and what it means.
READ POST
Solutions
Services
About NetSPI
Contact Us
Copyright ©2012 NetSPI Inc. All rights reserved