HIPAA Top 5
HIPAA Top 5 Protections
The Health Insurance Portability and Accountability Act (HIPAA) sets specific guidelines for any site that stores or transmits Personal Health Information (PHI). The information may be held in one location or move between different locations, and it may be internal or external; the same safeguards are required in every case. The Security Rule and the Privacy Rule require technical and physical controls over the integrity and privacy of PHI. In addition, access to PHI must be restricted to authorized personnel only.

1. Conduct a Risk Assessment
Section 164.308(a)(1) of HIPAA requires an organization to conduct a risk analysis before any solution is implemented. It is important to know your network’s vulnerabilities. Officials must understand what type of information might be exposed, who might expose it, and how and where it could be exposed. The result of this analysis will facilitate the creation of security policies and procedures.

2. Take a Multi-Layer Approach
A single technology cannot provide complete protection. Implementing firewalls, anti-virus software, anti-spam, and intrusion prevention are just some of the things needed to keep patient data completely secure. Your production environment should be protected from your development environment. You need to know what attacks are taking place at each layer of security.

3. Don’t Forget About Email

More patient data is breached through email than any other source. It is crucial to have secure email and full content filtering. You need both inbound and outbound filters for personal health information protection.

4. Implement Policies

Employees must be educated on the organization’s security policies, why the policies are important, and how to protect confidential information. eSecurity training is the first step in this important process. Implement a security awareness and training program for all members of the workforce, including management.

5. Backup Your Data Offsite (Securely)

Offsite data backup has become the easier and safer alternative to the outdated tape method. Offsite data backup offers multiple encryption methods, sophisticated file search, and complete automation. You can recover your data swiftly and test your backups quickly for accuracy and completeness.


Contact your KRAA Security specialist for further information, devyn@kraasecurity.com