Protect Against Cyberattacks
Blog

HIPAA Security Compliance in IT

Technology


IT security is a moving target. With cybercriminals using new ransomware and hacking tools to attempt to steal your data every day, security safeguards need to be in place to stay HIPAA compliant. We have created a safeguards checklist to help your organization stay HIPAA compliant. 

When breaking down the technical safeguards for IT security within HIPAA compliance, five standards need to be followed under the Security Rule:

Access Control – The ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.

Audit Controls – Hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information (ePHI).

Integrity – The property that data or information have not been altered or destroyed in an unauthorized manner.

Authentication – Procedures to verify that a person or entity seeking access to ePHI is the one claimed.

Transmission Security – Technical security measures to guard against unauthorized access to ePHI that is being transmitted over an electronic communications network.

Each of the five standards have nine sub-standards that also need to be checked off. Some sub-standards are required, while others are suggested:

Access ControlUnique User Identification (required): Assign a unique name and/or number for identifying and tracking user identity.

Access ControlEmergency Access Procedure (required): Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency.

Access ControlAutomatic Logoff (addressable): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.

Access ControlEncryption and Decryption (addressable): Implement a mechanism to encrypt and decrypt ePHI.

Audit Controls (required): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.

IntegrityMechanism to Authenticate ePHI (addressable): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.

Authentication (required): Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.

Transmission SecurityIntegrity Controls (addressable): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.

Transmission SecurityEncryption (addressable): Implement a mechanism to encrypt ePHI whenever deemed appropriate.

There are many layers to HIPAA compliance, and various options for managing risk to the security of sensitive health information. If you would like to know more about how Yeo & Yeo Technology can help your business become compliant, contact us today.

 

Want To Learn More?

Connect with one of our professionals today.