In 1996, the Health Information Portability and Accountability Act, most commonly known as HIPAA, was passed with one of its goals being to ensure uninterrupted coverage for patients. Health Care Organizations (HCOs) need to be able to pass patient records and other data back-and-forth. For this to happen efficiently and reliably, healthcare records would need to become more portable (hence the ‘Portability’ in the act’s title). So the bill set forth new terminology and Electronic Data Interchange (EDI) code sets for transmitting data.

Two parts of HIPAA require attention:

1. The Security Rule (164.306), which establishes safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (PHI).
2. The Privacy Rule (164.502), which orders HCOs to protect PHI and defines the allowable uses and disclosures of PHI, in contrast to “de-identified” health information.

The assured portability of healthcare information plays a tremendous role in improving the safety, efficiency, and quality of healthcare.  The act seeks to assure that anyone and everyone who participates in moving PHI from place-to-place accepts accountability that, at least in part, assures privacy.

Sweeping changes were made to the HIPAA privacy and Security Rules since they were first implemented with the Omnibus Final Rule, effective September 23rd, 2013.

Protected Health Information (PHI) includes any data, including demographic information that relates to any of the following:

• An individual’s past, present or future physical or mental health or condition.
• The provision of healthcare to an individual.
• The past, present, or future payment for the provision of health care to an individual that also identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.
• Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, and Social Security number).

Read more… Download the whitepaper

The post A perspective of compliance readiness of healthcare businesses appeared first on Aegify.

Security Analysis

The task of managing security is complex. Over 32K security gaps are now documented as potential vulnerabilities and are growing alarmingly. The recently discovered vulnerabilities that were lying dormant for years, such as the Heart-bleed, shell shock, and poodle bugs, and the recent GHOST vulnerability have added new dimensions to the security gaps.

Many of the new path breaking technology developments, may not have factored the safety and security components adequately during their development, introduction in the market and their very fast acceptance due to their appeal. The interconnectivity of these new devices is leading us to voluminous data availability and exposure via,  smartphones, Internet of Things (IoT), cloud -based – applications, authentication and storage solutions. Pieces of information picked up from these huge number of connected devices, and big data analytics could open new sources of information exploitation by the organized cyber criminals from volumes of information.

Over 92K checks must be performed to assess the status of security of your infrastructure across your physical and virtual networks, operating systems, databases, and Web applications.

With sophisticated tools, cyber-attackers unfortunately, have asymmetric advantages over businesses.

The need for security analyses stems from the regulatory requirement (45 C.F.R. §§ 164.302 – 318.) This is to help entities in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to secure electronic protected health information (e-PHI).

All e-PHI created, received, maintained or transmitted by an organization is subject to the Security Rule. The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of e-PHI. Risk analysis is the first step in this process.

The penalties are severe; the second reason why organizations must do a security analysis. For instance, the end of 2014 saw Anchorage Community Mental Services (ACMHS) settlement for potential violations by paying $150,000 and adopt a corrective action plan  to correct the deficiencies in its HIPAA Compliance Program. Read more…Download the whitepaper

The post Why Security and Risk Analysis are a must for HIPAA Compliance and Meaningful Use Attestation? appeared first on Aegify.

Read Whitepaper

The post Keep your Healthcare business Secure and Healthy! appeared first on Aegify.

Read Whitepaper

The post Achieve HIPAA Omnibus Compliance in Five Easy Steps appeared first on Aegify.

Read Whitepaper

The post Security Elements in Aegify appeared first on Aegify.