"Our privacy and security team will come together and review what controls we currently have in place and do a gap analysis for what's needed now with the new rule's requirements," Syed explains.
Among the compliance projects the New Jersey delivery system will tackle is making sure business associates have detailed agreements with their subcontractors that address privacy and security issues. Also, Barnabas Health will modify the risk assessment process it uses to determine whether to report a breach, in light of the new guidance in the HIPAA Omnibus Rule.
In an interview at RSA Conference 2013, Syed:
- Describes other aspects of HIPAA Omnibus Rule compliance.
- Tells why implementing a consolidated access log management system is a top priority. "We're trying to pull everything into one log management solution so we can create some dashboards and be able to get some early detection if there is some activity that's taking place," Syed says.
- Outlines plans to expand encryption to include certain desktop devices.
Syed has more than 15 years of IT experience, including eight years in security. Before joining Barnabas Health, he worked as a consulting engineer at Inacom/Vanstar and director of technology infrastructure at ShareMax.com.