Managing ePHI on the Internet

About Information Security and Managing your ePHI

The internet continues to play a key role in simplifying business practices in all industries, and the health care industry is no exception. Many health care organizations are finding it necessary to place Protected Health Information (PHI) or electronic Protected Health Information (ePHI) online. One extremely important factor that health care organizations need to consider is that PHI is covered under the HIPAA and HITECH acts and must therefore be handled very carefully.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to provide privacy standards for the protection of patients’ medical records and other health information supplied to health plans, doctors, hospitals and other healthcare entities.

What is HITECH?

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 extends HIPAA coverage by addressing third-party access to protected health information (PHI), increasing compliance obligations and strengthening enforcement penalties.

Why is it Important to Comply with HIPAA and HITECH?

HIPAA and HITECH compliance is imperative to preserve your ongoing business operations. Failure to meet the standards may result not only in regulatory actions, such as fines, but also in loss of business, damage to reputation and loss of public trust.

How to Protect Your PHI?

Organizations looking to transmit or store PHI on the Internet should take a multi-layered approach to their data protection. Here are some areas to address:

  • Servers – PHI should be hosted on dedicated servers with hardened operating systems
  • Patching and credentials – Security patches need to be kept up to date, and strong passwords should be used for all logins
  • Firewalls – A dedicated firewall is required
  • Intrusion detection – Intrusion detection software should be run to log traffic to and from the servers
  • VPN – A VPN is necessary in most cases, as it encrypts data transferred between two locations
  • Software – Software should be installed on the server to track changes to files and log who made a change to and/or viewed PHI, from where and at what time
  • Storage – Since PHI and records of access to PHI need to be stored for a minimum of 6 years, a backup retention strategy should be put in place that meets that requirement. Typically this will involve off-site archiving of backups. Encryption should be used on PHI and related data stored on portable media
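The "Software" item above asks for a tool that tracks changes to files holding PHI. The following is an added example, not code from INetU or from any product the post mentions: it builds a baseline of SHA-256 digests for a directory, then compares a later scan against that baseline to report added, removed and modified files. The directory and sample files in `demo()` are constructed for illustration.

```python
"""Minimal file-integrity baseline for a directory holding ePHI (added example)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large records do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str) -> dict:
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    root_path = Path(root)
    return {
        p.relative_to(root_path).as_posix(): sha256_of(p)
        for p in sorted(root_path.rglob("*"))
        if p.is_file()
    }


def compare_baseline(old: dict, new: dict) -> dict:
    """Report what changed since the stored baseline: added, removed, modified."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in common if old[k] != new[k]),
    }


def save_baseline(baseline: dict, path: str) -> None:
    """Persist the baseline as JSON; in practice store it off the monitored host."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def demo() -> dict:
    """Constructed scenario: baseline two files, then modify, delete and add one each."""
    root = tempfile.mkdtemp(prefix="phi_demo_")
    Path(root, "patient_001.txt").write_text("record v1")
    Path(root, "patient_002.txt").write_text("record")
    before = build_baseline(root)
    save_baseline(before, os.path.join(tempfile.gettempdir(), "phi_baseline.json"))
    Path(root, "patient_001.txt").write_text("record v2")   # modified
    Path(root, "patient_002.txt").unlink()                  # removed
    Path(root, "patient_003.txt").write_text("new record")  # added
    return compare_baseline(before, build_baseline(root))
```

Running `demo()` returns the three change lists; a real deployment would run the scan on a schedule, keep the baseline off the monitored server, and alert on any non-empty result.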

If you need help with HIPAA and HITECH compliance, make sure to find a trusted web host who has the right knowledge, experience and security tools to continuously safeguard your PHI.

ITX DSS 2011- Are You Legally Prepared for the Coming Cyber War?

Our third speaker at the ITX Data Security Summit was Gerry Elman from Elman Technology Law, who asked the question: “Are You Legally Prepared for the Coming Cyber War?” He also chose a sub-topic even more relevant to the audience: “Preparing Your Legal Playbook In Anticipation of Data Security Breaches.”

Here’s a clip from the beginning of Gerry Elman’s presentation:


Obtaining HIPAA Compliance Through a PCI DSS Framework

Compliance is a hot topic in the IT industry, and for good reason. By following the rules and guidelines set forth by these compliance standards, you not only avoid potential fines and penalties but also give your users and clients the peace of mind of knowing that their data is secured. Whereas PCI compliance is relatively straightforward (12 controls which are easily measurable and testable), HIPAA compliance is a bit less friendly and much more vague.


We Create Unique Configurations – Hybrid Solution example in the Health Care Industry

At INetU, our ability to support all of your needs is what defines us as an organization. The following example describes how we’re helping businesses like yours make their hosting solution better!


Data Security Fundamentals

We often talk about system or network security and best practices for those types of technologies. Obviously they are important; otherwise we wouldn’t talk about them. But, all in all, what are we protecting with those technologies? That’s right, the data. Too often we spend a lot of time building a big perimeter wall and not enough time putting a lock on the filing cabinet.

Data security is very important and needs the same attention that other forms of security get. Here are some basic fundamentals of data security:


©1996-2011 INetU Inc, All Rights Reserved.