Top HIPAA Security Concerns
With medical personnel becoming rapidly used to easier access to patient files through EMRs, security concerns also increase. Information sharing helps streamline processes and using cloud software to store patient files saves room and eventually will save time in the office. With all these new conveniences come security problems.
Here are the top 4 security concerns for HIPAA compliance:
When accessing confidential information over an internet connection or on a device that is connected to the internet, the risk for malware including viruses, Trojan horses, and spyware increases. To protect medical computers and patient files from malicious software, itâ€™s important to maintain a strong firewall and site-blocker for all browsers on medical computers.
An increasing problem for healthcare IT in maintaining HIPAA compliance are personnel remaining logged in to a computer after walking away. Remaining logged in after abandoning the workstation can allow unauthorized people access to confidential information which is a violation of HIPAA, and additionally could be dangerous for patients. Itâ€™s a good idea to set up an automatic log off to secure all workstations.
Tablets are being heavily used in healthcare with great results. They allow doctors to move around their practice with up to date patient information as well as internet access for research. These convenient devices though are often not left at the office, and many times are the property of individual personnel within the organization and this poses serious security risks. Devices need to be secured to protect patient information at all times. Meaning firewalls, practice security measures, and additional log out precautions are necessary on mobile devices.
One of the smallest, but no less threatening, concerning facing health care IT are USBs and flash drives that are able to hold lots of information in one small device. The easy nature of information sharing with USBs and flash drives means that someone could copy over confidential files in seconds at an abandoned workstation if someone had not logged off properly. Guarding against this type of security is difficult in a busy environment like a medical practice so putting in place strict log off policies is important.
It can be easy to get overwhelmed by HIPAA compliance, but there are comprehensive security software packages available to help personnel feel safer accessing patient files and maintain HIPAA compliance.
Written by: JD Sherry is Global Director of Technology and Solutions for Trend Micro. He is responsible for providing guidance and awareness regarding Trend Microâ€™s entire security portfolio aimed at protecting both commercial and government cloud ecosystems. He also develops comprehensive security software packages for small businesses.