Check the Cybersecurity Boxes on this List
- Diane Evans
- Apr 29
Updated: May 2
Earlier this year, the federal government published a Notice of Proposed Rulemaking, laying out potential IT practices that could become mandatory under the Health Insurance Portability and Accountability Act (HIPAA). The proposed changes reflect best practices that have evolved over time as effective defenses against data breaches.
Whether the changes become mandatory or not, they represent vigilance in protecting confidential information, including that which can lead to fraud.
To learn more, see the federal website and a 12-page download that clearly delineates the proposed new standards, representing a gold-star plan for securing data.
These publicly available resources are worth employing in your organization, helping both senior leaders and IT staff. Examples of “essential goals” include:
- Mitigate Known Vulnerabilities: Reduce the likelihood of a breach by segregating networks and configuring privacy settings.
- Multifactor Authentication: Add a critical, additional layer of security, when possible, to protect assets and accounts directly accessible from the Internet.
- Basic Cybersecurity Training: Ensure organizational users learn and apply more secure behaviors.
- Strong Encryption: Deploy encryption to maintain confidentiality of sensitive data, including data in motion.
If you are a senior leader, the full list, which is included in the download, can guide you in assigning and tracking IT responsibilities. And for IT professionals, these resources serve as a checklist for cybercrime prevention.