[HIPPA-Health Insurance Portability and Accountability Act of 1996]
Cybersecurity threats are becoming more elaborate and more difficult to combat. Healthcare providers need their HIT infrastructure to remain HIPAA compliant and while keeping daily operations running smoothly.
Organizations are connecting to health information exchanges, adopting electronic health record technology, deploying mobile strategies, and implementing connected medical devices. All of these actions could potentially expose an entity to online threats and even a HIPAA data breach.
Both “HIPAA physical safeguards” and “HIPAA technical safeguards” will have an important impact on a provider’s HIT infrastructure security. Physical safeguards include the necessary physical security measures, policies, and procedures in place to protect its “electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion,” according to HHS.
These can include facility access controls (i.e., locks on doors and keypad entry) and device and media controls, such as ensuring that laptops and tablets are locked away when not in use. Device security is essential as more smartphones, tablets, and laptops are able to connect to the network. If a device is lost or stolen, an unauthorized party may be able to access sensitive information through the device itself. While physical safeguards are important for securing on-premise devices, the migration from legacy systems to a more virtualized network could decrease the number of physical safeguards necessary at a facility.
Virtualization will bring more data agility and compliance concerns, which will likely lead to cloud security worries. The healthcare cloud is an increasingly popular data storage option, as it is hailed as being more secure and can help entities remove physical storage needs.
Cost savings, stronger disaster recovery, and a more scalable platform for internal requirements were top reasons healthcare organizations said they were moving to the cloud. The move to the cloud and virtualized machines emphasizes the need for comprehensive and current HIPAA technical safeguards.
Healthcare providers must consider access control, audit controls, integrity controls, transmission security, and authentication. Essentially, entities need to monitor how data is transferred, stored, and accessed at all times.