Is Your Healthcare Organization at Risk? How to Monitor Devices and Perform Risk Assessments to Stay Protected
Oct 16, 2017
Performing a risk assessment not only helps to ensure healthcare organizations are in compliance with HIPAA requirements, it also brings awareness to potential areas where an organization may be putting protected health information (PHI) at risk. Healthcare providers need to frequently analyze and track where PHI is stored and always know exactly who has access to the information. Nowadays, PHI is stored on internal databases as well as mobile devices and in the cloud. This creates potential security risks for healthcare organizations as traditional security measures, such as strong passwords, are not enough to keep sensitive information protected. Advanced security procedures such as two-factor authentication and end-to-end encryption must be implemented to avoid potential data breaches and devastating consequences.
Prevention is Key
Regularly monitoring the devices where PHI is stored helps organizations stay proactive and remediate vulnerabilities before they are exploited. Fortunately, several accessible resources and tools are available to help with this process.
The Office of the National Coordinator for Health Information Technology (ONC) offers a Security Risk Assessment (SRA) Tool for healthcare organizations looking to perform a risk analysis and ensure they are staying HIPAA compliant. The SRA Tool guides organizations through each HIPAA requirement and notifies them if corrective measures need to be taken or if they are in fact in compliance.
The U.S. Department of Health & Human Services (HHS) also provides assistance to determine if PHI is protected. According to HHS, “Risk analysis should be an ongoing process, in which a covered entity regularly reviews its records to track access to e-PHI and detect security incidents, periodically evaluates the effectiveness of security measures put in place, and regularly reevaluates potential risks to e-PHI.” Safeguards that HHS states must be in place to ensure the appropriate protection of electronic protected health information include but are not limited to:
Administrative Safeguards – The appropriate authorization and supervision of all workforce members who work with e-PHI must be enforced. Access to e-PHI should be role-based and limited to remain consistent with privacy rules.
Physical Safeguards – Strict policies and procedures must be in place regarding the transfer, removal, disposal, and re-use of electronic media to ensure e-PHI is protected.
Technical Safeguards – A covered entity must implement technical security measures that guard against the unauthorized access to e-PHI that is transmitted over an electronic network.
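The administrative safeguard above (role-based, limited access to e-PHI) and the HHS guidance quoted earlier (regularly reviewing records to track access and detect incidents) can be illustrated in code. The following is an added example and not code from HHS, ONC or etherFAX: it assumes a small role-to-field model, fictitious patient records, and arbitrary review thresholds (a 07:00 to 19:00 business-hours window and a limit of three distinct patients per user), all of which are constructed for illustration.

```python
"""Role-based access to e-PHI with an audit trail, plus a periodic review of
that trail. Added illustration; roles, records and thresholds are assumed."""
from dataclasses import dataclass
from datetime import datetime

# Assumed role model (constructed, not taken from HIPAA or HHS): each role may
# read only the e-PHI fields it needs, following the minimum-necessary idea.
ROLE_FIELDS = {
    "clinician": {"name", "diagnosis", "medications"},
    "billing": {"name", "insurance_id"},
    "it_admin": set(),  # runs the systems, never reads record contents
}

# Constructed sample records for fictitious patients.
RECORDS = {
    "P-1001": {"name": "Patient One", "diagnosis": "J06.9", "medications": ["ibuprofen"], "insurance_id": "INS-77"},
    "P-1002": {"name": "Patient Two", "diagnosis": "E11.9", "medications": ["metformin"], "insurance_id": "INS-12"},
    "P-1003": {"name": "Patient Three", "diagnosis": "I10", "medications": ["lisinopril"], "insurance_id": "INS-34"},
    "P-1004": {"name": "Patient Four", "diagnosis": "M54.5", "medications": [], "insurance_id": "INS-56"},
}


@dataclass
class AuditEntry:
    when: datetime
    user: str
    role: str
    patient: str
    fields: tuple
    granted: bool


class PhiStore:
    """Record store that enforces ROLE_FIELDS and logs every access attempt."""

    def __init__(self, records):
        self._records = records
        self.audit_log = []

    def read(self, user, role, patient, fields, when=None):
        when = when or datetime.now()
        requested = set(fields)
        granted = patient in self._records and requested <= ROLE_FIELDS.get(role, set())
        self.audit_log.append(AuditEntry(when, user, role, patient, tuple(sorted(requested)), granted))
        if not granted:
            return None  # denied, but the attempt still lands in the trail
        return {f: self._records[patient][f] for f in requested}


def review_audit_log(log, max_patients_per_user=3, business_hours=(7, 19)):
    """Periodic review of the trail (thresholds assumed for illustration).
    Returns (finding_type, user) pairs for denied attempts, successful reads
    outside business hours, and users who touched unusually many patients."""
    findings = []
    patients_by_user = {}
    start, end = business_hours
    for entry in log:
        if not entry.granted:
            findings.append(("denied_access", entry.user))
        elif not start <= entry.when.hour < end:
            findings.append(("after_hours_access", entry.user))
        patients_by_user.setdefault(entry.user, set()).add(entry.patient)
    for user, patients in patients_by_user.items():
        if len(patients) > max_patients_per_user:
            findings.append(("excessive_volume", user))
    return findings


def run_demo():
    """Replay a constructed day of activity and return the store and findings."""
    store = PhiStore(RECORDS)
    t = lambda h, m=0: datetime(2017, 10, 16, h, m)
    store.read("dr_lee", "clinician", "P-1001", ["diagnosis"], t(9))
    store.read("acct_kim", "billing", "P-1001", ["diagnosis"], t(10))      # denied: billing has no diagnosis access
    store.read("acct_kim", "billing", "P-1001", ["insurance_id"], t(10, 5))
    store.read("sys_ops", "it_admin", "P-1002", ["name"], t(23, 30))        # denied: admins never read contents
    for pid in ("P-1002", "P-1003", "P-1004"):                              # late-night sweep across patients
        store.read("dr_lee", "clinician", pid, ["name", "diagnosis"], t(22))
    return store, review_audit_log(store.audit_log)


if __name__ == "__main__":
    _, findings = run_demo()
    for kind, user in findings:
        print(f"{kind:20} {user}")
```

The point of keeping denied attempts in the trail is that the review step can surface them: an account repeatedly asking for fields outside its role is exactly the kind of signal the ongoing review HHS describes is meant to catch, and the after-hours and volume checks give a starting point for the "detect security incidents" part of that guidance.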
Additionally, healthcare organizations should perform a risk analysis on their fax systems and fax server providers. Unfortunately, many organizations still use outdated fax systems that cannot guarantee security or reliability.
Secure Exchange Network
If your healthcare organization is searching for a 100% secure messaging transport service, look no further. etherFAX’s patented technology extends existing fax server solutions to the cloud and eliminates the need for costly and insecure fax technology. The etherFAX Secure Exchange Network (SEN) leverages military-grade encryption to guarantee all communications between fax servers, EMRs, and EHRs are safeguarded. Furthermore, etherFAX SEN is fully HIPAA and PCI DSS compliant. To securely send and receive PHI and other unstructured data within your healthcare organization, contact us today.