HIPAA Requirements For Intranet Collaboration Software

Sharing private health information over the internet can be a risky business. Unfortunately, as people become accustomed to doing most if not all of their personal business online, the demand for accessing this information online will grow to the point that health care providers will have no choice but to either provide access to this private health information or lose their customers.

The Health Insurance Portability and Accountability Act (HIPAA) was enacted to assure the confidentiality of patient information. This requires that health care providers employ stringent measures to assure that information shared on the internet is protected from unauthorized access.

HIPAA requires health-providing entities to:
• Assign responsibility for security to a person or organization.
• Assess security risks and determine the major threats to the security and privacy of protected health information.
• Establish a program to address physical security, personnel security, technical security controls, and security incident response and disaster recovery.
• Certify the effectiveness of security controls.
• Develop policies, procedures and guidelines for use of personal computing devices (workstations, laptops, hand-held devices), and for ensuring mechanisms are in place that allow, restrict and terminate access (access control lists, user accounts, etc.) appropriate to an individual's status, change of status or termination.
• Implement access controls that may include encryption, context-based access, role-based access, or user-based access; audit control mechanisms, data authentication, and entity authentication.

This law has serious implications for organizations that allow unauthorized access resulting in a breach in confidentiality.

Security is the key

Since the HIPAA law provides for both civil and criminal penalties for violations, data and access security is of the utmost importance. To assure HIPAA compliance, online document management on company intranets and extranets must include a number of security features:

• Secure web server – a server running Secure Sockets Layer (SSL) is the minimum needed.
• Encrypted database – all data must be encrypted. Software is available that will encrypt all data sent between two computers over the internet.
• Secure access control – in addition to a traditional user ID and password, it may be a good idea to use a strong password or smart card as additional security.
• Session timeout – this assures that confidential data is not left on an unattended screen.
• Server monitoring – the secure web server needs to be strictly monitored to detect break-in attempts.
• Regular security audits – regular audits are required to make sure all security precautions are working properly.
• Personnel – system maintenance should be in the hands of qualified personnel familiar with HIPAA requirements.
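
As an added example (not code from the original article), the following Python class shows how the session timeout, role-based access and audit control items listed above can be enforced together on each request to an intranet application. The role names, permission strings and the 15-minute idle limit are assumptions chosen for illustration; the article specifies none of them.

```python
import secrets
import time

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed value; the article sets no specific limit

# Hypothetical role-to-permission map for a document intranet.
ROLE_PERMISSIONS = {
    "clinician": {"read_record", "write_record"},
    "billing": {"read_invoice"},
}


class SessionManager:
    """Sessions expire after inactivity; every access decision is audited."""

    def __init__(self, clock=time.monotonic, idle_timeout=IDLE_TIMEOUT_SECONDS):
        self._clock = clock
        self._idle_timeout = idle_timeout
        self._sessions = {}   # token -> {"user", "role", "last_seen"}
        self.audit_log = []   # (timestamp, user, action, outcome)

    def login(self, user, role):
        # Call only after the user's credentials have been verified elsewhere.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "role": role, "last_seen": self._clock()}
        self._audit(user, "login", "ok")
        return token

    def authorize(self, token, action):
        session = self._sessions.get(token)
        if session is None:
            self._audit(None, action, "denied:no_session")
            return False
        now = self._clock()
        if now - session["last_seen"] > self._idle_timeout:
            # Idle too long: destroy the session so the token cannot be reused.
            del self._sessions[token]
            self._audit(session["user"], action, "denied:timeout")
            return False
        if action not in ROLE_PERMISSIONS.get(session["role"], set()):
            self._audit(session["user"], action, "denied:role")
            return False
        session["last_seen"] = now  # only permitted activity extends the session
        self._audit(session["user"], action, "ok")
        return True

    def _audit(self, user, action, outcome):
        self.audit_log.append((self._clock(), user, action, outcome))
```

The `audit_log` entries give the regular security audits something concrete to review: who attempted which action, and whether it was allowed, timed out or refused by role.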



