A Mapping of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the Cyber Resilience Review (CRR)

Technical Note
This technical note describes a mapping of HIPAA Security Rule requirements to the practice questions found in the CERT Cyber Resilience Review, for organizations to use in HIPAA compliance.

Publisher: Software Engineering Institute

CMU/SEI Report Number: CMU/SEI-2018-TN-001

Abstract

This technical note provides a description of the methodology used and observations made while mapping the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the practice questions found in the CERT® Cyber Resilience Review (CRR). The mapping that emerged allows health care and public health organizations to use CRR results not only to gauge their cyber resilience, but to examine their current baseline with respect to the HIPAA Security Rule and the NIST Cybersecurity Framework (CSF). Both the CRR and HIPAA Security Rule have been mapped to the NIST CSF. The authors used these mappings and their extensive experience with CRRs to propose the mapping found in this technical note. The mappings between the CRR practices and the HIPAA Security Rule are intended to be informative and do not imply or guarantee compliance with any laws or regulations. The proposed mapping shows that the CRR provides complete coverage of the HIPAA Security Rule. As a result, organizations that must adhere to the HIPAA Security Rule can use the CRR to indicate their compliance with the Security Rule.

Cite This Technical Note

Porter, G., Trevors, M., & Vrtis, R. (2018, March 29). A Mapping of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the Cyber Resilience Review (CRR). (Technical Note CMU/SEI-2018-TN-001). Retrieved May 20, 2024, from https://insights.sei.cmu.edu/library/a-mapping-of-the-health-insurance-portability-and-accountability-act-hipaa-security-rule-to-the-cyber-resilience-review-crr/.

@techreport{porter_2018,
author={Porter, Greg and Trevors, Matthew and Vrtis, Robert},
title={A Mapping of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the Cyber Resilience Review (CRR)},
month={Mar},
year={2018},
number={CMU/SEI-2018-TN-001},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/a-mapping-of-the-health-insurance-portability-and-accountability-act-hipaa-security-rule-to-the-cyber-resilience-review-crr/},
note={Accessed: 2024-May-20}
}

Porter, Greg, Matthew Trevors, and Robert Vrtis. "A Mapping of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the Cyber Resilience Review (CRR)." (CMU/SEI-2018-TN-001). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, March 29, 2018. https://insights.sei.cmu.edu/library/a-mapping-of-the-health-insurance-portability-and-accountability-act-hipaa-security-rule-to-the-cyber-resilience-review-crr/.

G. Porter, M. Trevors, and R. Vrtis, "A Mapping of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the Cyber Resilience Review (CRR)," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2018-TN-001, 29-Mar-2018 [Online]. Available: https://insights.sei.cmu.edu/library/a-mapping-of-the-health-insurance-portability-and-accountability-act-hipaa-security-rule-to-the-cyber-resilience-review-crr/. [Accessed: 20-May-2024].

Porter, Greg, Matthew Trevors, and Robert Vrtis. "A Mapping of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the Cyber Resilience Review (CRR)." (Technical Note CMU/SEI-2018-TN-001). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 29 Mar. 2018. https://insights.sei.cmu.edu/library/a-mapping-of-the-health-insurance-portability-and-accountability-act-hipaa-security-rule-to-the-cyber-resilience-review-crr/. Accessed 20 May 2024.

Porter, Greg; Trevors, Matthew; & Vrtis, Robert. A Mapping of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the Cyber Resilience Review (CRR). CMU/SEI-2018-TN-001. Software Engineering Institute. 2018. https://insights.sei.cmu.edu/library/a-mapping-of-the-health-insurance-portability-and-accountability-act-hipaa-security-rule-to-the-cyber-resilience-review-crr/