Meeting HIPAA Compliance with a Managed IT Plan Pt 3: Network Security

In our last article, we covered some of the documentation that HIPAA requires you to have in place to ensure quality protection of personal information, and before that we covered antivirus and data protection. Where these two intersect is network security. Any time data sits on a server that connects to the web, even in a closed system, there is the potential for someone to interfere with the process. Even if the network only carries communication between devices on that network, if one of them connects to the internet, that is a potential vulnerability. These processes need to be routinely monitored. It is extremely important that you ensure HIPAA compliance for your business, as there are a lot of potential problems you can face if you don’t.

Keeping Track of What’s on the Network

We mentioned the fact that you need to have all devices containing personal health information (PHI) documented along with their serial numbers, make/model, and location. This will help with another thing you will need to record—any device that connects to the network, as well as any wireless access points. Protecting sensitive data requires that you record and monitor any and all devices that access the network. This is why HIPAA-compliant organizations generally separate public wifi from the network used to communicate patient data. If you keep both a list of the devices that are supposed to handle PHI and a list of the devices actually seen on the network, you can compare the two and quickly spot any discrepancies.
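The comparison described above, as an added example that is not part of the original article: a small script that reconciles the documented PHI device inventory against the devices a network scan observed. The inventory rows, observed rows and segment names ("phi" for the clinical network, "guest" for public wifi) are constructed sample data.

```python
"""Reconcile the documented PHI device inventory against observed network devices."""

# Documented inventory (constructed): every device that stores or handles PHI,
# with the serial number, make/model and location the article says to record.
INVENTORY = [
    {"serial": "SN-1001", "model": "Dell OptiPlex", "location": "Front desk",
     "mac": "00:11:22:33:44:01"},
    {"serial": "SN-1002", "model": "Surface Pro", "location": "Exam room 2",
     "mac": "00:11:22:33:44:02"},
    {"serial": "SN-1003", "model": "HP LaserJet", "location": "Records office",
     "mac": "00:11:22:33:44:03"},
]

# Devices observed by a network scan (constructed), tagged with the network
# segment they were seen on. "phi" is the clinical network, "guest" the public wifi.
OBSERVED = [
    {"mac": "00:11:22:33:44:01", "ip": "10.10.1.20", "segment": "phi"},
    {"mac": "00:11:22:33:44:02", "ip": "10.10.9.45", "segment": "guest"},
    {"mac": "AA:BB:CC:DD:EE:FF", "ip": "10.10.1.77", "segment": "phi"},
]


def reconcile(inventory, observed, phi_segment="phi"):
    """Return the three kinds of discrepancy a reviewer needs to act on."""
    documented = {row["mac"].lower(): row for row in inventory}
    seen = {row["mac"].lower(): row for row in observed}
    return {
        # Seen on the PHI network but missing from the documented inventory.
        "undocumented_on_phi": sorted(
            mac for mac, row in seen.items()
            if row["segment"] == phi_segment and mac not in documented),
        # Documented PHI devices not observed at all (offline, moved, or lost?).
        "documented_not_seen": sorted(
            row["serial"] for mac, row in documented.items() if mac not in seen),
        # Documented PHI devices seen on a segment other than the PHI network.
        "phi_device_on_other_segment": sorted(
            (documented[mac]["serial"], row["segment"])
            for mac, row in seen.items()
            if mac in documented and row["segment"] != phi_segment),
    }


if __name__ == "__main__":
    for finding, items in reconcile(INVENTORY, OBSERVED).items():
        print(f"{finding}: {items}")
```

In practice the observed list would come from your switch or DHCP logs or a scheduled scan; the reconciliation logic stays the same.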

Making Sure the Network is Secure

You can minimize the potential problems by running a proper firewall, having the right software to prevent breaches, and constant monitoring. There will be a variety of potential weak points as the data passes among devices, and it is important to know where this data is flowing from and to. It may, for example, be submitted by email, then sent to the database, or it may be entered manually from a new patient form which is scanned in, then sent to the database, then sent from there to a mobile work tablet, and from there to an email account. At each hop from one network device to another, it is important to be able to make sure nothing goes wrong.

How a Managed IT Provider Can Help

HIPAA-compliant managed IT providers have the equipment to help you prepare your network safety. They do this several ways, first by running tests for internal and external threats, and automated checks for weaknesses. IT providers will also actively partake in penetration testing, where they go hands on and try to crack your security, so that they know where any weaknesses lie and can form a solution to deal with them. A good IT company will also record any open ports and network access points, essentially by scanning the network and making a map of it. Some of the weaknesses found will be unlikely to be exploited, and some will be very possible, and from there we can prioritize which ones to focus on first.

Having a secure and monitored network is an important part of meeting HIPAA compliance, and there is a lot that goes into it. In the next article, we will cover data encryption, because if (and hopefully it never does) data falls into the hands of an attacker, it is important that it remains useless to them.
