Connecticut IT Managed Services Blog

Healthcare IT Practices to Help Ensure HIPAA Compliance

Posted by Tom McDonald


HIPAA, the Health Insurance Portability and Accountability Act, was passed to secure patient records. It applies to health care providers, hospitals, insurance companies, and any organization that has access to protected health information (PHI), especially electronic health records (EHRs). While EHRs have become a real asset for medical practitioners, making it easier to store and share patient data, EHRs also pose a new challenge for IT professionals who have to meet the informational needs of caregivers while still maintaining privacy as outlined under HIPAA.

Of course, maintaining secure EHRs is only part of HIPAA compliance. The HIPAA Security Rule requires healthcare providers to implement a list of 75 security controls to secure databases, applications, and systems that contain electronic PHI. HIPAA compliance goes beyond simply maintaining a secure data infrastructure; it also encompasses policies and procedures, audits, and other elements that can be complex to set up and manage. And failure to meet HIPAA security compliance can be costly, starting at $50,000 per violation and ranging up to $1.5 million in fines per year. That’s why healthcare IT professionals are enlisting the help of HIPAA experts to help them stay compliant.

What Does the HIPAA Security Rule Cover?

HIPAA regulations cover all aspects of protecting personal data, including secure creation, storage, and transmission of patient files, protection against improper use or disclosure, and ensuring that employees handle ePHI securely. The HIPAA Security Rule also extends to maintaining the integrity of ePHI, which means records cannot be altered or destroyed without proper authorization. The data also has to be available, meaning that any authorized person can have access to ePHI on demand.

According to the Department of Health and Human Services (HHS), the HIPAA Security Rule requires administrative, physical, and technical measures to safeguard ePHI:

1. Administrative Safeguards

These include security assessment, management, and training. HIPAA regulations require a comprehensive analysis of the potential risks to ePHI so there is a clear inventory of risk levels. Security personnel must be in place, including a security officer who has responsibility for implementing security policies and procedures. There also have to be information access management rules in place to limit access to personal information to the “minimum necessary” based on job function. And there has to be workforce training and management to ensure that all staff members understand and apply the appropriate security policies and procedures. Finally, there has to be a periodic evaluation of all administrative safeguards.

2. Physical Security

This is required for facility and systems security. The physical facility must have access control so only authorized personnel are allowed admittance. There also has to be device and workstation security, which covers any electronic resource that can access ePHI, including mobile devices.

3. Technical Safeguards

These have to be in place to protect electronic data. They include access control so only authorized personnel have ePHI access. There have to be audit controls in place to record and monitor access from hardware and software. Integrity controls have to be in place to make sure that ePHI is not altered or deleted. And there has to be transmission security to protect data in transit.

In addition, HIPAA requires risk analysis and management, as well as documentation and written policies and procedures.

Practical Measures for HIPAA Compliance

To promote HIPAA security compliance, IT professionals have to be judicious in implementing all 75 security controls outlined in the HIPAA Security Rule. However, they don’t have to tackle it alone.

There are a number of areas where an IT service provider can be an invaluable ally:

1. Independent Assessment

To ensure regulatory compliance it’s always a good idea to audit the systems before the auditors. An IT service company that is familiar with HIPAA regulations can perform an independent security audit, walking through the HIPAA compliance protocols and identifying potential problems before they turn into fines.

2. Hardware Management

An independent IT specialist also makes it easier to manage equipment, including implementing the necessary password protocols and authentication. A service provider can help standardize and manage hardware security and authentication, providing systems with pre-installed security software.

3. Mobile Computing

Increasingly, healthcare providers are adopting tablets and handheld computers to facilitate on-site patient care, computing devices that can be stolen or misplaced easily. An IT service partner can help with mobile device management, including systems configuration, auditing, data encryption, and even wiping the system remotely if it is lost or stolen.

4. Remote Monitoring

As part of security oversight it’s useful to have an external watchdog. An IT service provider can offer remote monitoring services, watching for data traffic anomalies, maintaining access logs, and looking for other issues that may signal a security problem.

5. Cloud Computing

Using cloud computing and offsite data storage makes it easier to manage and protect ePHI. Cloud storage is extremely secure and can be protected with two-tier authentication and data encryption. Cloud systems are also easy to audit, and they are elastic so you can store an ever-increasing set of patient records for as long as regulations or medical practice procedures dictate.

Maintaining a complex IT infrastructure is challenging enough without having to be an expert in HIPAA security compliance as well. Bringing in an outside expert makes it easier to assess and manage data security, including ensuring compliance with HIPAA regulations, and hiring an outside expert will more than pay for itself, especially if you consider the cost of paying the fines if you overlook something.

What are critical ways you have ensured HIPAA compliance in your healthcare organization?

Topics: Healthcare

How MDM Software Can Help Unlock Work Phones For Government Purposes

Posted by Tom McDonald

The recent controversy regarding the FBI’s efforts to coerce Apple into writing a universal key to unlock iPhone security has shone new light on the need for mobile device management (MDM) software. As you probably know, the FBI sought a means to access the iPhone of Syed Rizwan Farook, the gunman responsible for killing 14 people in San Bernardino. The FBI argued that Apple had to develop software to access Farook’s iPhone data. Apple argued that the FBI’s request would require them to create a universal skeleton key that could compromise security on any iPhone. While all of this is now a moot point, because the FBI was able to unlock Farook’s phone without the help of Apple, the part of the story that few hear is that the FBI could have easily unlocked Farook’s iPhone if San Bernardino County had installed MDM software.

Topics: Security, Mobile World

How Small Insurance Agencies Can Improve With Technology Updates

Posted by Tom McDonald


Technology is changing the way small businesses manage their operations, and insurance agencies are no exception. Insurance carriers and underwriters are investing in more technology to assess risk, create new actuarial algorithms, and develop new types and categories of insurance to meet customers’ changing needs. To stay competitive, insurance agencies have to invest in new technology. However, as with any small business, the challenge is knowing where they will get the most return from their technology investment.

Topics: Insurance

How To Protect Your Customer Insurance Information With Managed IT

Posted by Tom McDonald


Customer records serve as the foundation of the insurance industry. Whether it’s life insurance, auto insurance, homeowners or medical insurance, having accurate and secure data is critical. Insurance CSOs lose a lot of sleep worrying about how to protect customer records. By necessity, insurance records have to be more comprehensive with more personal, sensitive information, and the insurance industry is heavily regulated, which means protecting customer records is a primary concern.

Topics: Insurance

4 Lessons Learned from Recent Healthcare Data Breaches

Posted by Tom McDonald


Data security is one of the biggest concerns of hospital IT (HIT) managers and CIOs responsible for healthcare providers. The mandatory migration to Electronic Health Records (EHRs) does make it easier to update and share patient records, which has led to an improvement in the quality of care. However, EHRs also present new security challenges as hospitals, pharmacies, doctors’ offices, and insurance companies all strive to make EHRs secure but also shareable. The high-profile data breaches we have seen in recent years continue to uncover the flaws in healthcare data security, and provide lessons for changes in the future.

Topics: Healthcare

5 Concerns Your IT Is Holding Back Your Insurance Company

Posted by Tom McDonald


The insurance industry is incredibly competitive. Insurance companies are vying for new personal and corporate customers by offering better service at more attractive rates, and staying competitive requires a strong technical infrastructure to keep the company running. By having a better understanding of how IT helps drive business, insurance companies will find themselves in a better position to compete.

Topics: Insurance

How Using Technology in the Classroom Can Help Teacher Engagement

Posted by Tom McDonald


Keeping students’ attention in the classroom has always been a challenge for teachers. Most students would rather be somewhere other than school so their minds tend to wander, even when the topic itself might be interesting. To engage with students, teachers need to apply new strategies that promote more interaction and more personal involvement, and using technology in the classroom is proving to be an ideal means to make students more active learners.

Topics: K-12, Education

How Technology and Education Needs To Be More Focused in 2016

Posted by Tom McDonald


How to use technology in the classroom has been a topic of discussion among educators for some time. Technology is changing classroom instruction as the cost of computing hardware drops and demand for Web access increases. The current generation of teachers is dependent on technology as part of their lesson plans. However, rather than adapting old lesson plans to include technology, educators are rethinking teaching strategies by building new teaching models with technology as a foundation.

Topics: K-12, Education

How Schools Can Improve the Future of Educational Technology

Posted by Tom McDonald


Technology has changed the face of education, although the basic principles of teaching have not changed. Many argue that technology has taken the place of the teacher in the classroom, or somehow made skilled educators less valuable. Teachers are still essential, but what technology has done is give educators new approaches and new tools to be more effective. Technology is still only a tool, but skilled teachers who understand how to apply technology tools to best advantage will continue to change the face of education.

Topics: K-12, Education

How Technology is Solving Advanced Manufacturing Processes

Posted by Tom McDonald


Manufacturing processes continue to evolve thanks to technology. Automated production systems and integrated business processes make manufacturing more efficient, more cost-effective, and more agile. No matter what the industry or the products, technology is powering new manufacturing processes and the business and supply chain activity behind manufacturing success.

Topics: Manufacturing