IT security is a major concern in this age of mobile healthcare technology. To comply with federal regulations, healthcare personnel and facilities must safeguard patients' records and privacy, and the proliferation of mobile communication and IT devices makes that job harder, not easier.
HIPAA Requirements
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs protected health information (PHI) and, through its Security Rule, stipulates what hospitals, doctors' offices and other covered entities must do with electronic PHI (e-PHI). Specifically, all covered entities must:
- Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
- Identify and protect against reasonably anticipated threats to the security or integrity of the information;
- Protect against reasonably anticipated, impermissible uses or disclosures; and
- Ensure compliance by their workforce.
Electronic Health Records
Many physicians, clinics and hospitals have implemented electronic health records (EHRs) because of the incentives in the HITECH Act. This has increased the need for data storage, backup and recovery, all of which must comply with HIPAA requirements for securing patient information and critical records. Retention periods range from several years to the lifetime of the patient, depending on the record type and state law. Having this information reside on, or be accessible through, mobile devices complicates matters further, so monitoring and attending to e-PHI security matters more than ever. What is at stake:
- Compliance with HIPAA
- Trust of patients and families
- Attacks on stored and transmitted data
- Risk of identity theft from stolen records
- Cost of compromised records, estimated at $250 per record
WLANS in Healthcare
The use of mobile devices like smartphones, tablets and laptops has extended access to e-PHI through wireless local area networks (WLANs). This brings its own set of difficulties, such as:
- Attackers scanning and monitoring the WLAN (reconnaissance and eavesdropping)
- Unauthorized (rogue) access points, including "evil twin" APs that impersonate the clinic's SSID
- Attacks on the mobile endpoints themselves
- Malware spreading over the WLAN
These are serious security issues that come with the territory, but there are measures you can implement to reduce the risk and secure the WLAN:
- Policies and education of the workforce
- Periodic wireless security assessments
- Configuration management and patch management
- Restrict which access points and client devices are allowed on the network
- Proper authorization for every user and device
- Wireless intrusion detection/prevention (WIDS/WIPS)
- Strong encryption and authentication (WPA2/WPA3-Enterprise with 802.1X rather than a shared pre-shared key)
- Network segmentation, so that guest, clinical and medical-device traffic are isolated from each other
- Network access control
- Protect all wireless medical devices, which often cannot run endpoint security and must be shielded by the network instead
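The rogue-AP and monitoring items above are easy to state and harder to operationalize. The following is an added example, not code from the original article or from any vendor it mentions, showing the core of a rogue access point check: parse a wireless scan, compare every observed AP against an approved inventory, and flag evil twins (the corporate SSID broadcast from an unknown BSSID), BSSID spoofing or misconfiguration (a known BSSID seen with the wrong SSID or security mode), and unknown open networks. The inventory (`APPROVED_APS`, `CORPORATE_SSIDS`) and the scan text (`SAMPLE_SCAN`, one AP per line as `BSSID SSID channel security`) are constructed for the example; in practice the lines would come from a WIDS sensor or a scheduled scan on a monitoring host.

```python
"""Rogue access point check against an approved AP inventory.

Added example for the WLAN section; not the article's or any vendor's code.
Inventory, SSID names and the scan text below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ObservedAP:
    bssid: str      # normalized to lowercase
    ssid: str
    channel: int
    security: str   # e.g. "WPA2-EAP", "WPA2-PSK", "OPEN"


# Hypothetical approved inventory: BSSID -> (expected SSID, expected security mode).
APPROVED_APS = {
    "00:11:22:33:44:01": ("Clinic-Staff", "WPA2-EAP"),
    "00:11:22:33:44:02": ("Clinic-Staff", "WPA2-EAP"),
    "00:11:22:33:44:03": ("Clinic-Guest", "WPA2-PSK"),
}

# SSIDs that carry e-PHI; anyone else broadcasting them is an evil twin.
CORPORATE_SSIDS = {"Clinic-Staff"}

# Constructed scan output: "BSSID SSID channel security", one AP per line.
# The last line re-uses an approved BSSID with a weaker security mode, which is
# what a BSSID-cloning evil twin (or a misconfigured AP) looks like over the air.
SAMPLE_SCAN = """\
00:11:22:33:44:01 Clinic-Staff 6 WPA2-EAP
00:11:22:33:44:02 Clinic-Staff 11 WPA2-EAP
00:11:22:33:44:03 Clinic-Guest 1 WPA2-PSK
de:ad:be:ef:00:01 Clinic-Staff 6 OPEN
aa:bb:cc:dd:ee:ff Free Hospital WiFi 1 OPEN
00:11:22:33:44:02 Clinic-Staff 11 WPA2-PSK
"""

# Higher number = more urgent. "approved" never becomes a finding.
SEVERITY = {"evil-twin": 3, "spoofed-or-misconfigured": 3, "unknown-open": 2, "unknown": 1}


def parse_scan(text):
    """Parse scan lines into ObservedAP records; SSIDs may contain spaces."""
    aps = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:          # blank or malformed line: skip it
            continue
        bssid = parts[0].lower()
        channel = int(parts[-2])
        security = parts[-1].upper()
        ssid = " ".join(parts[1:-2])
        aps.append(ObservedAP(bssid, ssid, channel, security))
    return aps


def classify(ap, approved=APPROVED_APS, corporate_ssids=CORPORATE_SSIDS):
    """Return the verdict for one observed AP."""
    if ap.bssid in approved:
        expected_ssid, expected_security = approved[ap.bssid]
        if ap.ssid != expected_ssid or ap.security != expected_security:
            # Known hardware address, but not what the inventory says it runs.
            return "spoofed-or-misconfigured"
        return "approved"
    if ap.ssid in corporate_ssids:
        # Our SSID from a BSSID we do not own: classic evil twin.
        return "evil-twin"
    if ap.security == "OPEN":
        return "unknown-open"
    return "unknown"


def audit_scan(text, approved=APPROVED_APS, corporate_ssids=CORPORATE_SSIDS):
    """Return [(verdict, ObservedAP), ...] for every non-approved AP, most severe first."""
    findings = []
    for ap in parse_scan(text):
        verdict = classify(ap, approved, corporate_ssids)
        if verdict != "approved":
            findings.append((verdict, ap))
    findings.sort(key=lambda f: (-SEVERITY[f[0]], f[1].bssid))
    return findings


if __name__ == "__main__":
    for verdict, ap in audit_scan(SAMPLE_SCAN):
        print(f"{verdict:<24} {ap.bssid}  ssid={ap.ssid!r}  ch={ap.channel}  sec={ap.security}")
```

Running the block on the constructed scan yields three findings: the evil twin on `de:ad:be:ef:00:01`, the spoofed-or-misconfigured entry for `00:11:22:33:44:02` seen with WPA2-PSK, and the unknown open network. Two caveats for real use: a single scan only sees the channels the radio happened to dwell on, so continuous monitoring (a WIDS) is needed rather than a one-off sweep, and an AP plugged into a wall port but not in radio range of the sensor is only caught by wired-side controls such as 802.1X on switch ports.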
Implementing Mobile Security
There are two broad ways to implement the needed security and stay in compliance with HIPAA and HITECH. One is to do it all in house: purchase servers, firewalls and backup systems, hire and train IT staff, install and maintain software on every workstation and mobile device, troubleshoot all issues, and upgrade everything every few years.
The other is to outsource IT security and eliminate most of the in-house hardware, security systems, maintenance costs and even workstations by using a secure, private off-site data center. The provider then takes care of maintaining hardware, installing and updating software, troubleshooting and the other daily IT tasks. You will also want a 24-hour help desk staffed by technicians who can work through issues. Outsourcing does not outsource the obligation, though: a provider that stores or processes e-PHI is a HIPAA business associate, so the covered entity needs a signed business associate agreement with it and remains responsible for the risk analysis and workforce compliance items listed above.
Netgain is one such provider: it offers hosted eHealth IT services built on an eHealth architecture designed for health organizations of all sizes.
Image courtesy of: Stuart Miles/ Freedigitalphotos.net