Abstract:
Healthcare organizations must comply with the Health Insurance Portability and Accountability Act of 1996 and develop information security policies that ensure the confidentiality, integrity, and accessibility of sensitive information; however guidelines are vague. This bibliography identifies policies and describes information security governance strategies designed to ensure compliance. Organizations must create a leadership committee to (a) assess current policies, (b) oversee policy enforcement, (c) note the effects of internal and external influences, and (d) maintain currency.