Security Standards

Security standard has two meanings:

• 1. A statement of the extent of evaluation necessary before a particular security feature can be considered for security certification as trusted.
• 2. A set of security features to be provided by a system before it can be deemed to be suitable for use in a particular security processing mode, or in accordance with a generalized security policy.^[1]

Information security management standards are among the most widely used methods of security management. These standards are essential in any successful information security management activities. It is important to note these standards have a limitation. They focus on ensuring that certain information security processes or activities exist, but not on how these security processes can be accomplished in practice. ^[2]

The HIPAA Security Standards require physicians to protect the security of patients' electronic medical information through the use of procedures and mechanisms that protect the confidentiality, integrity, and availability of information. As of 2005, physicians must have in place administrative, physical, and technical safeguards that will protect electronic health information that the physician collects, maintains, uses, and transmits. ^[3]

References

1. ↑ JOHN DAINTITH. "security standard." A Dictionary of Computing. 2004. Retrieved November 25, 2015 from Encyclopedia.com: http://www.encyclopedia.com/doc/1O11-securitystandard.html
2. ↑ Siponen, M. (2006). Information security standards focus on the existence of process, not its content. H.W. Wilson - Applied Science & Technology Abstracts.
3. ↑ American Medical Association. Security Standards and Risk Analysis. Retrieved from http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/security-standards.page?