HIPAA compliance is serious business and settlements from violations can carry fines ranging from thousands to millions of dollars. To stay in compliance, healthcare organizations must adhere to the Security Rule as well as analyze the risk and compliance with the requirements of the Privacy Rule, including those addressing business associate agreements (BAA) and the minimum necessary use of protected health information (PHI).
Under the HIPAA Omnibus Rule, cloud service providers are now considered business associates which means they must follow to the same rules as other business associates. The rule states, "A data storage company that has access to PHI (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis. Thus, document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold." Make sure your vendors and partners sign a business associate agreement (BAA).
Technology will continue to evolve and improve. As healthcare organizations strive to keep up with the latest trends in technology, HIPAA compliance and data security cannot be overlooked. It is important to run regular risk assessments and adjust data security as necessary. Staying alert will help organizations keep patient data secure.
Securing Your Web Browser
Software features like ActiveX, Java and Scripting may expose your computer to vulnerabilities due to poor implementation, poor design or an insecure configuration. You need to understand which browsers support which features and the risks they may introduce. Some browsers permit you to fully disable the use of these add-on features, while others may allow you to enable features on a per-site basis.
Be aware that you may have multiple browsers installed on your computer. Your email client and document viewers may use a different browser than the one you normally use to access the web. There are benefits to having multiple browsers. One browser can be used for more sensitive activities like online banking and the other can be used for general surfing.
Here are some links that explain how to securely configure some of the most popular web browsers and how to disable features that can cause vulnerabilities.
For Apple computers, tables, and phones visit https://support.apple.com/en-us/HT201265
You can also visit http://help.apple.com/safari/mac/8.0/
â€¨Internet ExplorerFor a PC running Windows visit http://windows.microsoft.com/en-us/internet-explorer/ie-security-privacy-settings
For Windows, Mac and Linux visit https://support.mozilla.org/en-US/products/firefox/privacy-and-security
Google Chrome is compatible with every operating system. Visit https://support.google.com/chrome#topic=3421433
For more information on securing your web browser visit https://www.us-cert.gov/publications/securing-your-web-browser#features
Keeping Your Computer Secure
In addition to selecting and securing your web browser, you can take measures to increase protection to your computer in general. The following are steps and links to information resources that will help you secure your computer.
1. Read the Home Network Security document for small business and home computers.
2. Enable automatic software updates if availableâ€¨ Vendors release software patches when a vulnerability has been discovered. (Note: MacPractice clients should never update their OS without making sure we have released a compatible version.)
3. Use antivirus softwareâ€¨ Antivirus software is the best front-line defense against malicious attacks although it cannot protect against all attacks.
4. Avoid unsafe behaviorâ€¨. Be careful when opening email attachments, when using file sharing, IM or chat. Additional information on this topic can be found in the Home Network Security document.
5. Don't enable it if you don't need itâ€¨ It is more risky to be logged in as an administrator at all times. Consider creating and using an account with limited privileges instead of an 'administrator' or 'root' level account for everyday tasks.
Checklist for Protecting Your Practice Online
[Photo credit: Got Credit]