What is an ISA (Information Security Assessment) and how does one affect day-to-day operations?
A – An information security assessment is an objective evaluation of an organization’s ability to protect, and its effectiveness in protecting, at minimum, the confidentiality, integrity, and/or availability of data. In the healthcare industry, this data is either protected health information (PHI) or electronically protected health information (ePHI), as defined by the Health Insurance Portability and Accountability Act (HIPAA). With regard to ePHI, two additional evaluation categories are assessed: non-repudiation and authentication. The assessment impacts the day-to-day operations of a healthcare organization in both the short term and the long term. In the short term, during the assessment, the organization will be asked to assist in collecting and providing data to the assessment team, and to provide organizational support so that the team can complete a thorough evaluation in the allotted or a reasonable timeframe. Long term, depending on the outcome of the assessment, organizations will be expected