Texting and E-mail in Medical Offices

Security and Incident Policy Help
•The SANS Security Policy Project
–A Short Primer For Developing Security Policies, samples, guidance
–Available at: http://www.sans.org/resources/policies/
•New York University HIPAA security policies
–A good level of detail; many of the concepts are directly transferable
–http://www.nyu.edu/about/policies-guidelines-compliance/policies-and-guidelines/hipaa-policies.html
•NIST Guide for CybersecurityEvent RecoverySP 800-184, an excellent overall guide that now incorporates incident handling and contingency planning:http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
•NIST Computer Security Incident Handling GuideSP 800-61 Revision 2, a practical guide to responding to incidents and establishing a computer security incident policy and process: http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf
•In addition, the September 2012 NIST ITL Bulletin focuses on the revised SP 800-61, available at: http://csrc.nist.gov/publications/nistbul/itlbul2012_09.pdf