1. Perform an extensive security review and indentify where electronic protected health information (PHI or ePHI) resides on your IT systems.
2. Create a plan on protecting PHI.
   • Data encryption provides a safe harbor from breach notification. Determine where PHI can be encrypted.
   • Identify public facing extranet portals and web applications that can allow access to PHI.
   • Identify databases that hold PHI.
   • Execute the plan
3. Implement data encryption where practical.
   • For databases, implement a database security product to monitor database requests and protect from intrusion.
   • For web apps, implement a web application security product to protect from cross-site scripting and various attacks to access databases to PHI.
   • Protect endpoints such as laptops, tablets, etc with data at rest encryption by implementing whole disk encryption,

Experior Data helps customers plan and execute data security assessments and technology implementation for healthcare. Our proprietary Technical Security Audit includes a personalized review of your IT systems and well as a vulnerability scan of all your network components.

Related articles by Zemanta

• HITECH Act security breach rules now effective; federales give a six-month pass. Now’s the time to kick compliance efforts into high gear (healthblawg.typepad.com)
• HITECH and State Breach Notification (slideshare.net)
• Using Encryption Garners Exemption For Data Breach Notification (yro.slashdot.org)
• Son of HIPAA Breach Notification Rules and Business Associate Requirements: Who’s Ready? (healthblawg.typepad.com)
• The Cost of Fear | Why Docs Don’t Embrace Technology (Dr. Rob) (hunscher.typepad.com)
• PGP Corporation to Announce Acquisition (newswire.ca)

…

“On October 30, 2009, the Department of Health and Human Services (HHS) issued an interim final rule pertaining to the enforcement provisions of the HI-TECH Act. The final rule serves to conform HIPAA’s enforcement regulations to the revisions to the HIPAA statutes made by the HI-TECH Act.”

…

This is the government’s way of saying “we’re made a rule, and we are now going to enforce it”. The enforcement ruling is an indicative of the federal government’s interest in protecting the privacy and identity of patients. As patient records get converted from paper to electronic security has become a very important part of the healthcare IT ecosystem.

..

Bricker and Echler, LLC go on further to say “The HI-TECH Act significantly increased the penalty amounts for HIPAA violations, as reflected in the final rule. Covered entities should understand the financial risks associated with HIPAA non-compliance and the changes to the available affirmative defenses. It is critical to have an effective HIPAA compliance program to avoid HIPAA violations and to identify and correct HIPAA violations in a timely manner, which can shield the organization from substantial financial penalties”

..

Related articles by Zemanta

• Son of HIPAA Breach Notification Rules (healthblawg.typepad.com)
• Encrypt EHR – Else HIPAA Violations Need Be Reported To Government & Media (docinthemachine.com)
• HHS Releases 2008 Health Care Fraud and Abuse Control Program Report (medicareupdate.typepad.com)
• Stimulus Fuels Gold Rush For Electronic Health Systems (huffingtonpost.com)
• HIPAA Enforcement Meets HITECH: HIPAA Administrative Simplification: Enforcement Rule (healthcarebloglaw.blogspot.com)
• ARRA – HITECH: Health Care Information Breach Notification Regulations Now In Effect (healthcarebloglaw.blogspot.com)