Health Information Management

Heartbleed Bug underscores need for risk management, PHI mapping

HIM-HIPAA Insider, May 5, 2014


The Heartbleed Bug was independently discovered by a team of engineers in April after it hit private and government systems in the United States. The bug creates a hole in an organization’s OpenSSL cryptographic software library and leaks the memory of a server to the client and from the client to the server, thereby compromising encryption, according to

The Heartbleed Bug illustrates the importance of PHI mapping, which is the practice of understanding the lifecycle of PHI in your organization by tracking it through various methods and ensuring it is secure. A proper risk analysis is not complete without PHI mapping, and risk analysis is critical to discovering holes in your privacy and security plan, says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Oregon.

“[Heartbleed] created significant vulnerabilities with some of the servers around the country where everybody sort of just scrambled, getting everything fixed so somebody outside can’t steal information,” Apgar says. This incident also highlights the importance of sending regular security reminders, training your workforce, and using encryption for email and devices, he says.

When something like this occurs, privacy and security officers should work with their vendors to identify vulnerabilities and patch all applications and servers as quickly as possible, Apgar says. “It doesn’t have to be this huge, onerous thing,” he says.
This article originally appeared on HCPro’s HIPAA Update blog.
