One of the biggest challenges facing independent health care facilities today is HIPAA Compliance. Are you aware of your compliance level in regards to HIPAA Network Security? As audits increase and regulation continues to address security in relation to ePHI (Electronic Protected Health Information), we recommend that you audit your systems for potential weaknesses. We have outlined some general guidelines below.
- Access Control | each user must have a unique username and password | ePHI must be encrypted at rest, and in transit
- ePHI Authentication | mechanism in place which allows for tracking ePHI alterations or destruction
- Encryption Tools | devices being handled by users which must have encryption capability when sending or receiving ePHI
- Activity Audit Controls | audit controls that log any attempted access to ePHI and recording of what is done with data once it has been accessed
- Automatic Logoff | tools that log off personnel if they have stopped access ePHI after a determined amount of time
Network security is very important and the handling/protection of ePHI should be a top priority for your health care facility. The fines related to any willful neglect will far outweigh the cost of implementing the proper security features.
A great link for learning more.
