Address top security flaws on your network

HIM-HIPAA Insider, January 5, 2015

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

In my experience, most organizations in the healthcare industry, both covered entities and business associates, have put policies, business processes, and training programs in place to help ensure compliance with the HIPAA Security Rule. Still, there's a gaping hole in many healthcare compliance and security programs: a lack of technical security testing of Web applications, mobile applications, and network systems. That covers basically anything with an IP address or a URL that is in any way involved in processing or storing PHI.

Some people refer to this security testing as penetration testing, security auditing, or a vulnerability assessment. Whatever you call it, one thing should be clear: Failure to test your organization's technical security is the root of many security incidents. Although security testing can detect critical weaknesses in an organization's systems (which, ironically, often points to failures in supposedly compliant policies and processes), it is often ignored.

The following are all-too-common technical security flaws that may not only throw you out of compliance with HIPAA, but also get you into a real bind in the event of a breach:
  • Web applications
  • Default, blank, or otherwise weak passwords on servers and workstations
  • Physical security systems (e.g., Internet protocol cameras and door access control systems) running with their default settings, which leaves them wide open for employees or intruders to cover their tracks after carrying out malicious acts
Continue reading "Address top security flaws on your network" by Kevin Beaver, CISSP, an information security consultant, expert witness, and professional speaker with Principle Logic, LLC, in Atlanta. Subscribers to Briefings on HIPAA have free access to this article in the December issue.

