HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. Among other things, this new law requires that health care providers, health insurance companies and health care clearing houses implement security practices to ensure privacy and safeguard against intentional and inadvertent disclosure of individually identifiable health information. The law applies to paper, oral and electronic means of communication. It also requires the same organizations to protect data against loss due to fire, flood or theft and to audit access to data. Penalties for non-compliance are severe and include stiff fines and jail time. Additionally, patients can use HIPAA as a basis to bring civil lawsuits against health care companies when personal information is released to unauthorized parties, regardless of whether that information is divulged accidentally, intentionally, or as a result of criminal activity, including hacker break-ins.

What does this mean to your computer network? Simply put, you must take reasonable precautions to secure, protect, limit access to and audit access to your patient data stored on your computers. You must also encrypt the same information when it is sent via otherwise insecure means such as Internet e-mail. This means restricting physical access, employing unique domain user accounts, using strong passwords, assigning security permissions to files, turning on the auditing features of Windows 2003, ensuring data is backed up and backup media is stored offsite and archived, implementing VPNs where appropriate and using e-mail messaging software that incorporates built-in or third-party security and encryption features. The standards now expected of the health care industry are similar to standards in use in the financial and defense industries. Linear B Networks can help you implement security practices and safeguards on your network and in your messaging systems that will ensure compliance with HIPAA.
Companies that employ Windows XP Professional and Windows 2003 Server operating systems are a step ahead with regard to HIPAA compliance. These operating systems incorporate several built-in features that can be used to secure your data. We offer a comprehensive HIPAA Technical Security Audit that will identify deficiencies and provide an affordable roadmap to compliance. Getting your company in line with HIPAA need not involve high-priced proprietary software solutions. The bulk of the requirements can be achieved with software, hardware and practices that should already be standard in any secure networked computing environment.

More information regarding HIPAA and how it applies to security of computer information systems can be found at the following sites:

http://cms.hhs.gov/hipaa/hipaa2/default.asp
http://www.sans.org/rr/legal/compliance.php
http://aspe.hhs.gov/admnsimp/bannerps.htm#security