Connecticut IT Managed Services Blog
Technology is the disruptive force shaping our future, which is why teaching technical literacy has become a vital part of today’s classroom. Students are being introduced to technology at an earlier age, using smartphones and computers to play games, search the web, and talk to family and friends. Today’s students are comfortable with technology and have become accustomed to the rapid pace of technological change. The task educators face is to show students how to apply technology to do more than just play games and chat with friends. Teachers need to challenge students to apply technology in new and disruptive ways that will shape our future.
With new enterprise technology comes new security concerns. Cloud computing, social media, mobile technology, the Internet of Things (IoT), and other technologies are making it easier to access and use business-critical data, but each new technology seems to bring its own risks. With more businesses relying on digital information, the thing that keeps owners of small businesses and CIOs up at night is keeping that information safe from cyber threats.
Every business runs on computers these days, which means every business needs some form of computer support. Someone has to be responsible for configuring and maintaining computer systems, keeping the Internet up and running, managing the web site (especially if you are selling via e-commerce), and even dealing with paper jams in the printer. At the same time, staffing is one of the biggest expense items for any business, typically consuming more than 50 percent of itemized expenses when you take into account compensation, benefits, insurance, and workers’ compensation. But do you really need a dedicated IT team to keep your network systems up and running?
HIPAA, the Health Insurance Portability and Accountability Act, was passed to secure patient records. It applies to health care providers, hospitals, insurance companies, and any organization that has access to protected health information (PHI), especially electronic health records (EHRs). While EHRs have become a real asset for medical practitioners, making it easier to store and share patient data, EHRs also pose a new challenge for IT professionals who have to meet the informational needs of caregivers while still maintaining privacy as outlined under HIPAA.
Of course, maintaining secure EHRs is only part of HIPAA compliance. The HIPAA Security Rule requires healthcare providers to implement a list of 75 security controls to secure databases, applications, and systems that contain electronic PHI. HIPAA compliance goes beyond simply maintaining a secure data infrastructure and also encompasses policies and procedures, audits, and other elements that can be complex to set up and manage. And failure to meet HIPAA security compliance can be costly, starting at $50,000 per violation and ranging up to $1.5 million in fines per year. That’s why healthcare IT professionals are enlisting the help of HIPAA experts to help them stay compliant.
What Does the HIPAA Security Rule Cover?
HIPAA regulations cover all aspects of protecting personal data, including secure creation, storage, and transmission of patient files, protection against improper use or disclosure, and ensuring that employees handle ePHI securely. The HIPAA Security Rule also extends to maintaining the integrity of ePHI, which means records cannot be altered or destroyed without proper authorization. The data also has to be available, meaning that any authorized person can have access to ePHI on demand.
According to the Department of Health and Human Services (HHS), the HIPAA Security Rule requires administrative, physical, and technical measures to safeguard ePHI:
1. Administrative Safeguards
These include security assessment, management, and training. HIPAA regulations require a comprehensive analysis of the potential risks to ePHI so there is a clear inventory of risk levels. Security personnel must be in place, including a security officer who has responsibility for implementing security policies and procedures. There also have to be information access management rules in place to limit access to personal information to the “minimum necessary” based on job function. And there has to be workforce training and management to ensure that all staff members understand and apply the appropriate security policies and procedures. Finally, there has to be a periodic evaluation of all administrative safeguards.
2. Physical Security
This is required for facility and systems security. The physical facility must have access control so only authorized personnel are allowed admittance. There also has to be device and workstation security, which includes securing mobile devices: any electronic resource that can access ePHI.
3. Technical Safeguards
These have to be in place to protect electronic data. These include access control so only authorized personnel have ePHI access. There have to be audit controls in place to record and monitor access from hardware and software. Integrity controls have to be in place to make sure that ePHI is not altered or deleted. And there has to be transmission security to protect data in transit.
In addition, HIPAA requires risk analysis and management, as well as documentation and written policies and procedures.
Practical Measures for HIPAA Compliance
To promote HIPAA security compliance, IT professionals have to be judicious in implementing all 75 security controls outlined in the HIPAA Security Rule. However, they don’t have to tackle it alone.
There are a number of areas where an IT service provider can be an invaluable ally:
1. Independent Assessment
To ensure regulatory compliance, it’s always a good idea to audit the systems before the auditors. An IT service company that is familiar with HIPAA regulations can perform an independent security audit, walking through the HIPAA compliance protocols and identifying potential problems before they turn into fines.
2. Hardware Management
An independent IT specialist also makes it easier to manage equipment, including implementing the necessary password protocols and authentication. A service provider can help standardize and manage hardware security and authentication, providing systems with pre-installed security software.
3. Mobile Computing
Increasingly, healthcare providers are adopting tablets and handheld computers to facilitate on-site patient care, and these computing devices can be stolen or misplaced easily. An IT service partner can help with mobile device management, including systems configuration, auditing, data encryption, and even wiping the system remotely if it is lost or stolen.
4. Remote Monitoring
As part of security oversight, it’s useful to have an external watchdog. An IT service provider can offer remote monitoring services, watching for data traffic anomalies, maintaining access logs, and looking for other issues that may signal a security problem.
5. Cloud Computing
Using cloud computing and offsite data storage makes it easier to manage and protect ePHI. Cloud storage is extremely secure and can be protected with two-tier authentication and data encryption. Cloud systems are also easy to audit, and they are elastic so you can store an ever-increasing set of patient records for as long as regulations or medical practice procedures dictate.
Maintaining a complex IT infrastructure is challenging enough without having to be an expert in HIPAA security compliance as well. Bringing in an outside expert makes it easier to assess and manage data security, including ensuring compliance with HIPAA regulations, and hiring an outside expert will more than pay for itself, especially if you consider the cost of paying the fines if you overlook something.
What are critical ways you have ensured HIPAA compliance in your healthcare organization?
The recent controversy regarding the FBI’s efforts to coerce Apple into writing a universal key to unlock iPhone security has shone new light on the need for mobile device management (MDM) software. As you probably know, the FBI sought a means to access the iPhone of Syed Rizwan Farook, the gunman responsible for killing 14 people in San Bernardino. The FBI argued that Apple had to develop software to access Farook’s iPhone data. Apple argued that the FBI’s request would require them to create a universal skeleton key that could compromise security on any iPhone. While all of this is now a moot point, because the FBI was able to unlock Farook’s phone without the help of Apple, the part of the story that few hear is that the FBI could have easily unlocked Farook’s iPhone if San Bernardino County had installed MDM software.
Technology is changing the way small businesses manage their operations, and insurance agencies are no exception. Insurance carriers and underwriters are investing in more technology to assess risk, create new actuarial algorithms, and develop new types and categories of insurance to meet customers’ changing needs. To stay competitive, insurance agencies have to invest in new technology. However, as with any small business, the challenge is knowing where they will get the most return from their technology investment.
Customer records serve as the foundation of the insurance industry. Whether it’s life insurance, auto insurance, homeowners or medical insurance, having accurate and secure data is critical. Insurance CSOs lose a lot of sleep worrying about how to protect customer records. By necessity, insurance records have to be more comprehensive with more personal, sensitive information, and the insurance industry is heavily regulated, which means protecting customer records is a primary concern.
Data security is one of the biggest concerns of hospital IT (HIT) managers and CIOs responsible for healthcare providers. The mandatory migration to Electronic Health Records (EHRs) does make it easier to update and share patient records, which has led to an improvement in the quality of care. However, EHRs also present new security challenges as hospitals, pharmacies, doctors’ offices, and insurance companies all strive to make EHRs secure but also shareable. The high-profile data breaches we have seen in recent years continue to uncover the flaws in healthcare data security, and provide lessons for changes in the future.
The insurance industry is incredibly competitive. Insurance companies are vying for new personal and corporate customers by offering better service at more attractive rates. Staying competitive requires a strong technical infrastructure to keep the company running. By having a better understanding of how IT helps drive business, insurance companies will find themselves in a better position to compete.
Keeping students’ attention in the classroom has always been a challenge for teachers. Most students would rather be somewhere other than school so their minds tend to wander, even when the topic itself might be interesting. To engage with students, teachers need to apply new strategies that promote more interaction and more personal involvement, and using technology in the classroom is proving to be an ideal means to make students more active learners.