HIPAA: Requirements For Intranet Collaboration Software
Author: Laura Schweiker
 
Sharing private health information over the internet can be a
risky business. Unfortunately, as people become accustomed to
doing most if not all of their personal business online, the
demand for accessing this information online will grow to the
point that health care providers will have no choice but to
either provide access to this private health information or
lose their customers.

The Health Insurance Portability and Accountability Act (HIPAA)
was enacted to assure the confidentiality of patient
information. This requires that health care providers employ
stringent measures to assure that information shared on the
internet is protected from unauthorized access.

HIPAA requires health care entities to:

• Assign responsibility for security to a person or
organization.

• Assess security risks and determine the major threats to the
security and privacy of protected health information.

• Establish a program to address physical security, personnel
security, technical security controls, and security incident
response and disaster recovery.

• Certify the effectiveness of security controls.

• Develop policies, procedures and guidelines for use of
personal computing devices (workstations, laptops, hand-held
devices), and for ensuring mechanisms are in place that allow,
restrict and terminate access (access control lists, user
accounts, etc.) appropriate to an individual's status, change
of status or termination.

• Implement access controls that may include encryption,
context-based access, role-based access, or user-based access;
audit control mechanisms, data authentication, and entity
authentication.

This law has serious implications for organizations that allow
unauthorized access resulting in a breach in confidentiality.

Security is the key

Since the HIPAA law provides for both civil and criminal
penalties for violations, data and access security is of the
utmost importance. To assure HIPAA compliance, online document
management on company intranets and extranets must include a
number of security features:

• Secure web server – a server running Secure Sockets Layer (SSL)
is the minimum needed.

• Encrypted database – all data must be encrypted. Software is
available that will encrypt all data sent between two
computers over the internet.

• Secure access control – in addition to a traditional user ID
and password, it may be a good idea to use a strong password or
smart card as additional security.

• Session timeout – this assures that confidential data is not
left on an unattended screen.

• Server monitoring – the secure web server needs to be
strictly monitored to detect break-in attempts.

• Regular security audits – regular audits are required to make
sure all security precautions are working properly.

• Personnel – system maintenance should be in the hands of
qualified personnel familiar with HIPAA requirements.


About The Author: Laura Schweiker ( http://www.trichys.com)
writes extensively on the use of technology by businesspeople
and is an evangelist for online collaboration and intranet
solutions.