The HITECH Act and HIPAA - What does it mean for IT Pro

The Health Information Technology for Economic & Clinical Health (HITECH) Act really does 'up the ante' for HIPAA enforcement.

In theory, health organizations have had to comply with the Health Insurance Portability and Accountability Act (HIPAA) since its introduction in 1996. Originally HIPAA was introduced by Congress to protect the health insurance rights of employees made redundant. Additional 'Titles' to the act were introduced, including 'Title 2', which was designed to protect electronically stored data relating to patient health information, often referred to as 'Protected Health Information' (PHI).

The problem with HIPAA has been the broad interpretation adopted by many healthcare providers and insurers. In fact, many providers require the waiver of HIPAA rights as a condition of service. This has undoubtedly resulted in a varying degree of adoption among providers, leaving many unsure as to whether they are or are not considered compliant. But how could you blame them? The requirements aren't specific and there has been little enforcement to speak of.

The HITECH Act, as part of the American Recovery and Reinvestment Act, aims to change all that with increased penalties for non-compliance.

A breach that exposes a patient's confidential data could have serious and lasting consequences. Unlike credit cards, for example, which can be cancelled and changed if they are exposed, health care records can't just be changed or reset. According to data from Forrester Research, criminals are increasingly targeting health care organizations. For security teams within health organizations, HITECH's increased penalties may well assist in the justification of funding needed to shore up security and compliance projects that may otherwise have languished under the previously ambivalent and poorly defined HIPAA enforcement.
It is open to debate as to how the federal government will audit compliance with HIPAA's security requirements from here on in, but HITECH widens the number of enforcers by giving State Attorneys General the ability to file federal civil action for harmful disclosures of protected health information (PHI). There are already cases of lawsuits underway for alleged HIPAA violations due to exposed or breached PHI, likely to end with heavy financial compensation payments being ordered.

Some Good News...

Like all things in life, there's usually a process to follow, and HIPAA and HITECH are no different. The main headings that will need to be addressed are:

Administrative Safeguards - specifically, written evidence of measures adopted to ensure compliance. Internal auditing, in particular change management processes, approvals and documentation, to provide evidence that systems and processes are properly governed.

Physical Safeguards - including access controls, to restrict and control access to equipment containing PHI. This will include the use of firewalls and intrusion protection technology, with particular focus on workstation and mobile/remote worker security.

Technical Safeguards - configuration 'hardening', to ensure that known threats and vulnerabilities are eliminated from all systems, with a zealous patch management process combined with anti-virus technology, regularly tested and verified as secure. Strong monitoring for security incidents and events, with all event logs being securely retained, is also a key measure to safeguard IT system security.

In fact, the scope of the standard is quite similar in respect of its approach and its measures to the PCI DSS (the Payment Card Industry Data Security Standard), which is another security standard all healthcare providers will now be familiar with. The PCI DSS is concerned with the secure governance of payment card data, and with any 'card merchant', i.e. an organization handling payment card transactions.

Therefore it makes sense to consider measures for HIPAA compliance in the context of PCI DSS also, since the same technology that helps deliver HIPAA compliance should be relevant for PCI DSS. Or to put it another way, compliance with one will significantly assist compliance with the other.

What do you need to do as an IT Service Provider to your Organization?

A number of automated 'compliance auditing' solutions are available that typically provide the following functions:

Compliance Auditing (AKA Device Hardening) - typically, 'out of the box' as well as 'made to order' reports allow you to quickly test critical security settings for servers and desktops, network devices and firewalls. The best solutions will provide details on your administrative procedures, technical data security services, and technical security mechanisms. Generally, these reports will probably identify some security gaps to begin with. Once repaired, though, you can generate these reports again to prove to auditors that your servers are compliant. Using inbuilt change tracking you can ensure systems remain compliant.

Change Tracking - once your firewalls, servers, workstations, switches, routers etc. are all in a compliant state you need to ensure they remain so. The only way to do this is to routinely verify the configuration settings have not changed, because unplanned, undocumented changes will always be made while somebody has the admin rights to do so! We will alert when any unplanned changes are detected to the firewall, and any other network device within your 'Compliant Infrastructure'.

Planned Change Audit Trail - when changes do need to be made to a device then you need to ensure that changes are approved and documented - we make this easy and straightforward, reconciling all changes made with the RFC or Change Approval record.

Device 'Hardening' must be enforced and audited.
A good compliance auditing solution will provide automated templates for a hardened (secured & compliant) configuration for servers, desktops and network devices to show where work is needed to get compliant, and thereafter will track all planned and unplanned changes that affect the hardened status of your infrastructure. The state of the art in compliance auditing software covers registry keys and values, file integrity, service and process whitelisting/blacklisting, user accounts, installed software, patches, access rights, password ageing and much more.

Event Log Management - all event logs from all devices must be analyzed, filtered, correlated and escalated appropriately. Event log messages must be stored in a secure, integrity-assured repository for the required retention period for any governance policy.

Correlation of Security Information & Audit Logs - in addition you should implement log gathering from all devices, with correlation capabilities for security event signature identification and powerful 'mining' and analysis capabilities. This provides a complete 'compliance safety net' to ensure, to name just a few examples, that virus updates complete successfully, host intrusion protection is enabled at all times, firewall rules are not changed, and user accounts, rights and permissions are not changed without permission.
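The Change Tracking and Planned Change Audit Trail functions described above, shown as an added example (not code from the article or from any product it refers to): each device's current configuration is fingerprinted, compared with its compliant baseline, and any difference is reconciled against an approved change record. The device names, sample configurations and `RFC-EXAMPLE` ids are constructed, and tying an approval to the fingerprint of the approved configuration is an assumption of this example.

```python
import hashlib

def fingerprint(config_text):
    """SHA-256 of a config, ignoring blank lines and trailing whitespace."""
    lines = [ln.rstrip() for ln in config_text.splitlines() if ln.strip()]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def audit_changes(baseline, current, approved):
    """Classify every device against its compliant baseline.
    baseline: {device: fingerprint taken when the device was compliant}
    current:  {device: config text collected now}
    approved: {device: (change_id, fingerprint of the approved config)}
    Returns {device: (status, change_id or None)}.
    """
    report = {}
    for device in sorted(set(baseline) | set(current)):
        if device not in current:
            report[device] = ("missing", None)      # could not be collected
        elif device not in baseline:
            report[device] = ("untracked", None)    # never baselined
        else:
            now = fingerprint(current[device])
            change_id, expected = approved.get(device, (None, None))
            if now == baseline[device]:
                report[device] = ("unchanged", None)
            elif now == expected:
                report[device] = ("planned", change_id)
            else:
                # No approval, or the result differs from what was approved.
                report[device] = ("unplanned", None)
    return report

# Constructed sample data (not from any real device).
FW_OLD = "permit tcp any host 10.0.0.5 eq 443\ndeny ip any any\n"
FW_NEW = "permit tcp any host 10.0.0.5 eq 443\npermit tcp any host 10.0.0.6 eq 443\ndeny ip any any\n"
SW_OLD = "hostname sw1\nno ip http server\n"
SW_APPROVED = SW_OLD + "ntp server 10.0.0.1\n"
SW_NOW = "hostname sw1\nip http server\nntp server 10.0.0.1\n"

def demo():
    baseline = {"fw1": fingerprint(FW_OLD), "sw1": fingerprint(SW_OLD),
                "srv1": fingerprint("PermitRootLogin no\n")}
    current = {"fw1": FW_NEW, "sw1": SW_NOW, "srv1": "PermitRootLogin no  \n\n"}
    approved = {"fw1": ("RFC-EXAMPLE-1", fingerprint(FW_NEW)),
                "sw1": ("RFC-EXAMPLE-2", fingerprint(SW_APPROVED))}
    return audit_changes(baseline, current, approved)

if __name__ == "__main__":
    for device, (status, change_id) in demo().items():
        print(f"{device:5} {status:10} {change_id or ''}")
```

In the sample, `sw1` has an approved change on record but its running configuration also re-enables the HTTP server, so it is reported as unplanned rather than being covered by the approval.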