Are You HIPAA IT Compliant?
Did you know that on the Dark Web, medical records sell for more than credit card data?
If you are a health services organization, you know your biggest cybersecurity worry is keeping your ePHI (electronic protected health information) secure. Most breaches happen because the devices you use have not been encrypted, one of your employees clicks on a malicious link in an email, or someone inadvertently downloads malware onto your systems.
Encryption Is the New Standard
HIPAA IT standards are the gold standard of cybersecurity in the health service industry. As your organization strives to be in compliance, start with encrypting as much of your data as possible. At the very least, make sure you have passwords on all your computers and mobile devices. Implement Multifactor Authentication to protect your users’ login credentials.
The encryption process converts your data into an unreadable, scrambled state. If unauthorized users broke into your network, your email, or your devices, they would not be able to make any sense of it. The only way the encrypted data can be read is with the security key. With this key, the computer converts the data back into its readable form.
All emails containing ePHI that are sent outside of your firewall need to be encrypted. Additionally, they should be saved in a secure and encrypted archive for at least six years.
Web Content Filter
It’s important to have your managed services provider install a web content filter, which blocks inappropriate and dangerous content, including the sites cyber criminals use to steal the passwords to your records and databases.
Your service engineer should also help you set up automatic log-off on your PCs and mobile devices. When your authorized personnel have stopped using their computers for a specified amount of time, the computers automatically log out. It is easy to forget to log out when stepping away from the workstation, and this control is a simple, low-cost backstop that increases your cybersecurity.
Your medical office has to be aware of the IT portion of the HIPAA checklist. You need to make sure you can check every box. Your managed services provider should perform regular assessments that identify the risks in all systems your business uses to “touch” your ePHI. This includes your:
- Mobile Devices
- Phone Systems
- Cloud Accounts (Email, Storage, etc.)
24/7 Remote Monitoring
To be HIPAA IT compliant, your IT company must be remotely monitoring your systems 24/7. They should be analyzing your logs regularly, and they should be able to detect unauthorized access to ePHI by existing employees, not just by outsiders.
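As an added illustration (not code from the original post or from Integrinet IT) of what "analyzing your logs" for insider access can look like, the script below runs two simple review rules over a constructed EHR access audit log: access outside business hours, and one user viewing unusually many distinct patient records within an hour. The log format, the clinic hours and the volume threshold are assumptions chosen for the example.

```python
# Added example (not from the original post): two simple insider-access
# rules over an EHR audit log. Log format, hours and thresholds are assumed.
from collections import defaultdict
from datetime import datetime

# Constructed sample audit log: timestamp,user,role,patient_id,action
SAMPLE_LOG = """\
2024-03-04T09:12:00,nurse.kim,nurse,P1001,view
2024-03-04T09:15:00,nurse.kim,nurse,P1002,view
2024-03-04T23:40:00,clerk.ray,billing,P2001,view
2024-03-04T10:00:00,dr.lee,physician,P3001,view
2024-03-04T10:01:00,dr.lee,physician,P3002,view
2024-03-04T10:02:00,dr.lee,physician,P3003,view
2024-03-04T10:03:00,dr.lee,physician,P3004,view
"""

BUSINESS_HOURS = range(7, 20)   # 07:00-19:59, assumed clinic hours
MAX_PATIENTS_PER_HOUR = 3       # assumed per-user volume threshold


def parse_log(text):
    """Turn CSV audit lines into dicts; the timestamp becomes a datetime."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, patient, action = line.split(",")
        records.append({"ts": datetime.fromisoformat(ts), "user": user,
                        "role": role, "patient": patient, "action": action})
    return records


def find_suspicious_access(records):
    """Return (rule, user, detail) tuples worth a human reviewer's attention."""
    alerts = []
    # Rule 1: any ePHI access outside business hours.
    for r in records:
        if r["ts"].hour not in BUSINESS_HOURS:
            alerts.append(("after_hours", r["user"], r["ts"].isoformat()))
    # Rule 2: one user touching unusually many distinct patients in an hour.
    seen = defaultdict(set)
    for r in records:
        seen[(r["user"], r["ts"].strftime("%Y-%m-%dT%H"))].add(r["patient"])
    for (user, hour), patients in seen.items():
        if len(patients) > MAX_PATIENTS_PER_HOUR:
            alerts.append(("high_volume", user, f"{len(patients)} patients in {hour}"))
    return alerts
```

Both rules produce review items, not verdicts: a physician covering an overnight shift will trip the after-hours rule legitimately, so the flagged events are what the provider's analyst follows up on, with thresholds tuned to each practice's normal workload.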
A good managed services provider should know what it means to be HIPAA IT compliant. It should actively monitor your firewall ports and know which ones are usually attacked. If you have employees working from home, your service engineers should ensure that your VPN tunnel is set up and secure. They should have the ability to sniff out all the security issues your specific practice faces.
If your healthcare organization is in the middle of striving for due diligence to the HIPAA standards and needs an IT company that knows how to help you reach compliance, schedule a free consultation with Joe Nice (Utah) or Fred Bauerfeld (Idaho) at Integrinet IT.
Choose “Sales” from the menu to talk to Joe or Fred.
Read more about HIPAA Compliance:
Summary of the HIPAA Privacy Rules by the United States Department of Health & Human Services