Topic: Recognize the risks of remote access
HIM Connection, March 4, 2008
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
When rolling out remote access to a segment of your work force, first define your needs. You must understand what information remote users will access and which business needs the access fulfills. In its remote access security guidance, CMS cautions covered entities against providing unnecessary remote access.
After you determine that an appropriate need for remote access exists, conduct an in-depth security assessment. Adopt the necessary technical and physical precautions in response to any vulnerabilities. "Implement well-known security standards/protocols, such as [Wi-Fi protected access] for wireless encryption and authentication, and [remote desktop protocol], [secure shell], or a [virtual private network] for secure remote communications," says Kevin Beaver, CISSP, an independent consultant and president of Atlanta-based Principle Logic, LLC. "And by all means, use whole-disk encryption for laptop drives."
Beaver also recommends taking the following three steps:
- Adopt centralized mobile security management practices
- Conduct periodic and consistent security testing to validate that controls are working and that you have minimized vulnerabilities
- Automate your security controls when possible to ensure consistent security and change management
Tom Walsh, CHS, CISSP, president of Tom Walsh Consulting, LLC, in Overland Park, KS recommends creating an agreement for remote access users and telecommuters to sign, similar to one that you might have in place with users of portable devices and media. Include provisions that address the risks your security assessment reveals.
Editor's note: This topic was adapted from the March 2008 issue of Briefings on HIPAA. For more information, or to purchase a copy of this article for $10, visit http://www.hcpro.com/content/206331.cfm.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Comments
0 comments on “Topic: Recognize the risks of remote access ”
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched