The Health Insurance Portability and Accountability Act, or HIPAA, was passed in 1996 to ensure the protection of private information and insurance accounts, and it regulates practically all personal data created from healthcare activities. Subsequent legislation, such as the HITECH Act, has also aimed to ensure the protection of this data. There is a long list of requirements for healthcare providers and those who manage the data of those providers, all of which revolve around keeping your personal health information (PHI) safe. There are requirements for how you secure your server, network, and user info; encrypt and back up data; track devices used to store information; control who can access PHI; manage updates and antivirus; and much more.
How HIPAA Applies to IT Professionals
These requirements also extend to those who manage this data. This means entities like tekRESCUE have to ensure protected status on our end as well, and clearly outline our work to be in compliance with current laws and statutes. We will be going over the specifics of this work as we move through this series. Because this work requires consistent service and continual monitoring, it is easier to have one company you can rely on. This is why the best route to meeting HIPAA compliance is to have a managed IT plan.
Benefits of a Managed Plan
With a managed IT plan, you get one price every month, and weekly (or, if needed, daily) monitoring of devices. This monitoring includes assessing network security, encrypting data, monitoring backups, and ensuring everything runs smoothly. And of course, this also includes dealing with various IT issues as they pop up. If you only deal with issues on demand, avoidable issues are more likely to pop up. Breaches of security can also be costly, both in terms of dealing with them and in potential fines for breaching HIPAA. In this first article we will be covering monitoring antivirus status.
What Antivirus Monitoring Means
Antivirus, as used here, includes other network security measures, not just the local antivirus programs that the term normally refers to. Local programs are an important part, of course, and it is always a good idea to make sure that the software you use is HIPAA compliant. You should, however, be taking other steps to secure physical points of entry as well as the networks on which people can access the devices. The first part of this will be making sure that we implement commercially viable antivirus software. Also important is routinely monitoring antivirus status and making sure that all anti-malware and antivirus software is receiving daily to weekly patches.
What About Physical Protection?
For physical protection, it is important to make sure that you are not storing passwords physically or storing any network details in plain sight. It is also important, of course, to vet any potential employees or companies working with your data and, if possible, to visually monitor workstations. While you should always take reasonable action to ensure safety, that action isn’t always clear-cut. This is why help from specialized professionals is always a good idea.