The Health Insurance Portability and Accountability Act (HIPAA) changed the way confidential patient information was handled after 1996. If your company has access to patient information that is stored electronically on a network, then you are required by law to be HIPAA compliant.
You should comply with these laws whether you physically take information from a patient or access information stored by another resource. Ignoring this compliance can result in very hefty fines, and even criminal charges. Regulations require that very specific security measures be put into place to secure information that is at rest and in transit.
There are also regulations for a security policy to be implemented for individuals that have access to read, write, or alter any electronic information. This can include individual PIN codes and passwords issued to each person who has access to this information. The simplest of measures, such as the encryption of USB devices and computer hard drives, will become a necessary part of introducing a security policy that stands up to HIPAA regulation. Without this in place, patient information could be compromised simply because of a misplaced device or laptop. Even with every measure put into place, the weakest link will always be human error.
Recently, Morehead Memorial Hospital in Eden, North Carolina experienced a data breach caused by a phishing attack on two employees' emails. This breach has affected more than 60,000 people. This just goes to show how a simple phishing email can compromise private patient information without the proper employee training and network security features.
Having a risk assessment performed is necessary to understand the rules and regulations associated with HIPAA compliance. A risk assessment consists of assessing the network for vulnerabilities, introducing a policy to correct the vulnerabilities and strengthen the network, training employees and making them aware of regulations and security policies, and finally restricting access outside of the network.
TCS can assist not only with risk assessments, but also with the implementation of a HIPAA compliant security policy that will ensure compliance with the extensive list of regulations. One of the most important implementations of a HIPAA compliant network is documentation. Without the proper documentation, a network can become vulnerable unknowingly. This is another essential area that TCS will help implement during a risk assessment. Staying HIPAA compliant is not a one-time solution; like all security solutions, it is multi-layered. We recommend having this assessment performed at least twice each year, so that you can take corrective action on the issues highlighted.
Fill out the form here or call us today at 336.804.8449 about having a HIPAA risk assessment completed on your network.