By Diane Evans
Recently, the U.S. Office for Civil Rights (OCR) proposed stronger rules for data security and compliance under the Health Insurance Portability and Accountability Act (HIPAA).
The purpose is clear – and very real: Cyber crime keeps escalating. And healthcare providers remain prime targets, as thieves especially seek out fraudulent uses of credit card, Social Security and insurance numbers.
While there is bipartisan support for stronger cybersecurity within healthcare, it is uncertain whether the enhanced rules will be finalized this year as planned or be sidelined by the Trump administration.
For providers, the issue is more about improved data security for good business, good stewardship and good faith in protecting the individuals served.
The proposed new rules reflect best practices that have emerged since the major overhaul of HIPAA regulations in 2013. Updated defenses – just like updated security protections in your home – can prevent intrusions.
Consider some of the proposals:
Conduct an inventory of all IT assets.
Map out all the places where electronic information might end up.
Segregate networks to the extent possible.
Encrypt PHI at rest and in transit.
Activate multi-factor authentication.
Conduct a vulnerability scan at least once every six months and a penetration test at least once every 12 months.
Use anti-malware protection.
Remove extraneous software from electronic information systems.
Back up your data and have a data recovery plan.
In terms of network security, the OCR’s portal of cases under investigation shows that intrusions commonly happen through networks. By segregating networks, you limit the damage. For example, one facility might experience a breach, but not the entire organization.
Finally, the new rules emphasize the need for comprehensive risk assessment. Without that, you simply don’t know what you are missing. That’s why mapping and inventory are so essential.
You need to account for all of your data, and for all the places it can go.
For extra help: Download our complimentary 14-Point Risk Assessment Survey available from the top of our homepage at www.guardededge.com.