Posts Tagged ‘Security’

3 steps for breach notification protection

Tuesday, February 16th, 2010

Beginning on February 18, HHS will have the legal authority to enforce the breach notification laws set forth last year in section 13402 of the HITECH Act, within the American Recovery & Reinvestment Act (ARRA). The penalties can now be up to $1.5 million, and media notification is required in cases where 500 or more records are breached. Business associates, as well as covered entities, must now comply with the HITECH Act breach notification rule (which essentially modifies the HIPAA Security Rule).



  1. Perform an extensive security review and identify where electronic protected health information (PHI or ePHI) resides on your IT systems.
  2. Create a plan on protecting PHI.
    • Data encryption provides a safe harbor from breach notification. Determine where PHI can be encrypted.
    • Identify public facing extranet portals and web applications that can allow access to PHI.
    • Identify databases that hold PHI.
    • Execute the plan.
  3. Implement data encryption where practical.
    • For databases, implement a database security product to monitor database requests and protect from intrusion.
    • For web apps, implement a web application security product to protect against cross-site scripting and the various attacks that reach the databases holding PHI.
    • Protect endpoints such as laptops, tablets, etc. with data-at-rest encryption by implementing whole disk encryption.
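Step 2 notes that encrypted PHI is a safe harbor from breach notification, and step 3 calls for encrypting data where practical. The following Go program is an added example, not code from the original post or from Experior Data, showing field-level encryption of one ePHI record with AES-256-GCM: the key lives outside the data store, the ciphertext reveals nothing about the record, and any tampering or attempt to attach the ciphertext to a different row is detected on decryption. The record layout, the row identifier, and the sample patient are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// PatientRecord is a constructed sample of ePHI; the field names are assumptions.
type PatientRecord struct {
	Name      string `json:"name"`
	DOB       string `json:"dob"`
	Diagnosis string `json:"diagnosis"`
}

// NewKey returns a fresh 256-bit AES key. In a real deployment the key would
// come from a key-management service or HSM and never be stored beside the data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncryptRecord serialises the record and seals it with AES-256-GCM.
// Output layout: nonce || ciphertext || authentication tag.
// rowID (the opaque database row key, stored in clear) is bound as associated
// data, so a ciphertext copied onto another patient's row fails to decrypt.
func EncryptRecord(key []byte, rowID string, rec PatientRecord) ([]byte, error) {
	plaintext, err := json.Marshal(rec)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A random 96-bit nonce per record; GCM nonces must never repeat under one key.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(rowID)), nil
}

// DecryptRecord reverses EncryptRecord. It returns an error, not partial
// plaintext, when the key is wrong, the row binding differs, or the blob was altered.
func DecryptRecord(key []byte, rowID string, blob []byte) (PatientRecord, error) {
	var rec PatientRecord
	block, err := aes.NewCipher(key)
	if err != nil {
		return rec, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return rec, err
	}
	if len(blob) < gcm.NonceSize() {
		return rec, errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	plaintext, err := gcm.Open(nil, nonce, ct, []byte(rowID))
	if err != nil {
		return rec, errors.New("authentication failed: wrong key, wrong row, or tampered ciphertext")
	}
	if err := json.Unmarshal(plaintext, &rec); err != nil {
		return rec, err
	}
	return rec, nil
}

func main() {
	key, _ := NewKey()
	// Constructed sample patient; not real data.
	rec := PatientRecord{Name: "Jane Example", DOB: "1970-01-01", Diagnosis: "sample"}
	blob, _ := EncryptRecord(key, "row-42", rec)
	fmt.Printf("stored blob (%d bytes) carries no readable PHI: %x\n", len(blob), blob[:8])
	back, err := DecryptRecord(key, "row-42", blob)
	fmt.Println("decrypted with correct key and row:", back, err)
	_, err = DecryptRecord(key, "row-43", blob)
	fmt.Println("same blob attached to another row:", err)
}
```

The design choice worth noting is the use of an authenticated mode: plain CBC or CTR encryption would still hide the record, but it would not tell a defender that a stored blob had been modified or moved, which is exactly the kind of event a breach investigation needs to establish.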


Experior Data helps customers plan and execute data security assessments and technology implementation for healthcare. Our proprietary Technical Security Audit includes a personalized review of your IT systems as well as a vulnerability scan of all your network components.



Interim Final Rule on Enforcement Issued

Tuesday, November 17th, 2009

According to Bricker & Eckler, LLP

“On October 30, 2009, the Department of Health and Human Services (HHS) issued an interim final rule pertaining to the enforcement provisions of the HI-TECH Act. The final rule serves to conform HIPAA’s enforcement regulations to the revisions to the HIPAA statutes made by the HI-TECH Act.”

This is the government’s way of saying “we’ve made a rule, and we are now going to enforce it”. The enforcement ruling is indicative of the federal government’s interest in protecting the privacy and identity of patients. As patient records get converted from paper to electronic form, security has become a very important part of the healthcare IT ecosystem.

Bricker & Eckler, LLP go on further to say: “The HI-TECH Act significantly increased the penalty amounts for HIPAA violations, as reflected in the final rule. Covered entities should understand the financial risks associated with HIPAA non-compliance and the changes to the available affirmative defenses. It is critical to have an effective HIPAA compliance program to avoid HIPAA violations and to identify and correct HIPAA violations in a timely manner, which can shield the organization from substantial financial penalties.”
