Part 5 of 7
Access controls, including a Secure Patient Portal: With a patient living in a rural location, it is convenient for the physician and patient to share information and correspond through a patient portal system. A patient portal is an interface that allows patients to securely view and access their own information or grant access to an authorized family representative. Under Meaningful Use requirements, healthcare organizations are required to integrate a patient portal effectively and safely into their practice operations. Since patient information on the portal is publicly accessible by anyone on the Internet, a proper firewall, a secure Operating System (OS), and security patches/updates must be in place to prevent data mining and the compromise of a patient’s information by unauthorized individuals. Please note that patching and maintaining an OS and firewall is an ongoing process. Proper firewall management provides better protection against intruders, malware, and viruses. In addition, access will be logged, and those logs clearly define the window of exposure should an unauthorized person gain access to confidential information.
YOUR GOAL IS BREACH PREVENTION
No organization wants to find itself in the position of having to defend a breach. Preventing a breach is ideal and being proactive is necessary. Take these ideas under serious consideration:
• Hire a Managed Service Partner to monitor and manage your IT environment.
• Have regular consultations with a HIPAA-knowledgeable attorney.
• Hire a HIPAA Consultant.
• Pay a professional to conduct a Comprehensive Risk Assessment.
• Mitigate the findings of a Security Vulnerability Assessment.
• Implement and enforce HIPAA Security Policies/Procedures.
• Get Cyber Insurance and implement a full HIPAA Compliance Program.
• Invest in industry-standard encryption solutions.
• Have an Organizational Policy for addressing and monitoring mobile devices.
• Use Active Directory and Group Policies to enforce User Rights and Security Controls.
• Ensure that medical devices have up-to-date security patches and are malware-free.
• Implement and maintain strong firewalls with subscription services and an Intrusion Detection System (IDS).
• Cultivate a strong, ongoing Security and HIPAA Awareness Program.