This paper posits the use of a well-established standard approach to Federal compliance, which can be easily adapted to satisfy all legal and regulatory requirements for protection of patient personally identifiable information (PII) in health organizations. This approach is embodied in the three standards that dictate how to comply with the Federal Information Security Management Act (FISMA). These standards also provide an excellent foundation for organizing a secure operation anywhere. The discussion revolves around the application of the FIPS 199 and FIPS 200/NIST 800-53(4) standard approach to the satisfaction of the present and upcoming legal and regulatory requirements for health care PII. The outcome would provide a proven, systematically secure and cost efficient solution to those protection needs. The general approach will be explained and justified.
Available at: http://works.bepress.com/dan_shoemaker/1/