/ Web Site
HIPAA: Requirements for intranet collaboration software
Sharing private health information over the internet can be a risky business. Unfortunately, as people become accustomed to doing most if not all of their personal business online, the demand for accessing this information online will grow to the point that health care providers will have no choice but to either provide access to this private health information or lose their customers.
The Health Insurance Portability and Accountability Act (HIPAA) was enacted to assure the confidentiality of patient information. This requires that health care providers employ stringent measures to assure that information shared on the internet is protected from unauthorized access.
The HIPAA Act requires health-providing entities to:
• Assign responsibility for security to a person or organization.
• Assess security risks and determine the major threats to the security and privacy of protected health information.
• Establish a program to address physical security, personnel security, technical security controls, and security incident response and disaster recovery.
• Certify the effectiveness of security controls.
• Develop policies, procedures and guidelines for use of personal computing devices (workstations, laptops, hand-held devices), and for ensuring mechanisms are in place that allow, restrict and terminate access (access control lists, user accounts, etc.) appropriate to an individual's status, change of status or termination.
• Implement access controls that may include encryption, context-based access, role-based access, or user-based access; audit control mechanisms, data authentication, and entity authentication
This law has serious implications for organizations that allow unauthorized access resulting in a breach in confidentiality.
Security is the key
Since the HIPAA law provides for both civil and criminal penalties for violations, data and access security is of the utmost importance. To assure HIPPA compliance, online document management on company intranets and extranets must include a number of security features:
• Secure web server – a server running secure socket layers is the minimum needed.
• Encrypted database – all data must be encrypted. Software is available that will encrypted all data sent between two computer over the internet.
• Secure access control -- in addition to a traditional user id and password, it may be a good idea to use a strong password or smart card as additional security.
• Session timeout – this assures that confidential data is not left on an unattended screen.
• Server monitoring – the secure web server needs to be strictly monitored to detect break-in attempts.
• Regular security audits – regular audits are required to make sure all security precautions are working properly.
• Personnel – system maintenance should be in the hands of qualified personnel familiar with HIPPA requirements
Article Source: http://www.redsofts.com/articles/
Laura Schweiker writes extensively on the use of technology by businesspeople and is an evangelist for online collaboration and intranet solutions.
More Articles from Web Site Category:
Stalker Case Study 4: Suicide Can Be Profitable
Is Your Website Image Up to Par?
9 Warning Signs You Might Be Infected With Spyware And/Or Adware
Spyware IS Good
Businesses Face Spyware Threats on a Day to Day basis.
Safely Surfing the Internet and staying free from Spyware.
Steps Forward in Fighting Spyware
Did I Hear You Say, Mama, Help Me! I Lost My Websites!
The Usefulness of Covert Listening Devices
Buying From a Spy Shop
Disguises for Spy Bugs
Ten Steps to Reduce Your Risk of Identity Theft
Application Security - IT Risk Management
Intrusion Prevention - IT Risk Management
Spy Phone Accessories