Physical Security is as Good as Encryption A locked office with a camera system may prevent robbery or physical intrusion, but what happens if a successful breach occurs? One recent physical incursion caused the loss of 4 million patient records, and there was no encryption in place. These systems could have easily been encrypted for free. To safeguard data, use a free program like Bit Locker, encrypt backups, and centralize safe data with remote desktop software. Keeping secure data off individual workstations – and enforcing this policy across the workplace – saves money, reinforces legal defensibility, and reduces potential leaks.
Compliant IT Covers All the Bases.
Full HIPAA-compliance, of course, means a full set of protocols, procedures, and processes, in addition to secure IT systems. Secure systems training needs to accompany basic security protocols, such as strong password guidelines, locked computer equipment, and two-factor authentication. Covered entities need to be very cautious and concerned about such peripheral security measures.
Legal HIPAA-compliance requires a full spectrum of safeguards, from the post-it to the data centre.
Misconceptions about HIPAA’s new regulations abound, and the new rules now extend coverage to include IT service providers. With such an expanded and complex liability chain, and a constantly changing landscape, learning the ropes can be a challenge. Both medical providers and providers of IT support in San Diego should work together to ensure that they are fully compliant.
Compliance for My Computer Systems Starts and Stops At the Technology Itself
Oh, so wrong once again. HIPAA considers technology infrastructure as key pieces to the compliance paradigm, but it is far from being the end all, be all to ensuring your office is holding itself to the standards expected. The broader discussion is as much one about the people, processes, and procedures in place as it is about the whiz-bang technology being employed. Don’t allow any consultant to come in and tell you that “I can give you this, this, and this to get you fully HIPAA compliant for xx amount of money”. Foolish thinking, but something I see and hear all the time. One of the biggest facets that are underestimated regarding HIPAA and technology usage is the people side of things. Encrypted disk drives and email systems are wonderful — but only when used in the proper hands.
Security Through Obfuscation Is Good Security
I’ve been helping more than a few clients lately (even some who are outside of healthcare) wade through fixing past mistakes about relying too heavily on “security via obfuscation”, also known as “security through obscurity” to some. I catch these practices in use with new customers a few times a year, but this discredited approach to security is coming to the surface heavily now that most of the healthcare industry is being pushed under the HIPAA bus. And it seems that the worst culprits are the small medical organizations, those with perhaps a single owner and a few assistants. These are the ones that tried for many years to do their own IT infrastructure work and are calling us for an SOS in the face of HIPAA