By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    improving patient experience
    6 Ways to Improve Patient Satisfaction Within Hospitals
    December 1, 2021
    degree for healthcare job
    What Are The Health Benefits Of Having A Degree?
    March 9, 2022
    custom software development is changing healthcare
    Digital Customer Journey Mapping and its Importance for Healthcare
    July 21, 2022
    Latest News
    Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
    May 16, 2025
    Learn how to Renew your Medical Card in West Virginia
    May 16, 2025
    Choosing the Right Supplement Manufacturer for Your Brand
    May 1, 2025
    Engineering Temporary Hospitals for Extreme Weather
    April 24, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Can Thinking Younger Make You Live Longer?
    April 20, 2011
    Image
    Obesity’s Outlook Unchanged
    June 13, 2011
    When It’s An Emergency Elderly Not Treated As Well in Hospitals
    July 16, 2011
    Latest News
    Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
    May 18, 2025
    The Critical Role of Healthcare in Personal Injury Recovery: A Comprehensive Guide for Victims
    May 14, 2025
    The Backbone of Successful Trials: Clinical Data Management
    April 28, 2025
    Advancing Your Healthcare Career through Education and Specialization
    April 16, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: How to Manage HIPAA Security
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Uncategorized > How to Manage HIPAA Security
Uncategorized

How to Manage HIPAA Security

ShahidShah
Last updated: September 19, 2011 7:01 am
ShahidShah
Share
6 Min Read
SHARE

 

I get lots of questions about HIPAA security these days; especially as EHR firms, hospitals, payers, and startups alike are being asked about their HIPAA policies.

 

I get lots of questions about HIPAA security these days; especially as EHR firms, hospitals, payers, and startups alike are being asked about their HIPAA policies.

More Read

Terminologies Profiling IT Usage Within Healthcare
Essential Steps to Take to Recover from a Slip and Fall Injury
Interview/Podcast: Tim Fowler Discusses Bluetooth®-Low-Energy Enabled iPhone M-Health App Pt.2
Infographic:Race to the ICD-10 Finish Line
Linking ICD-10 and the Future of HCIT

My general recommendation is that you should forget about HIPAA at first (because it’s a toothless, generally unenforceable, regulation that will never improve security because it is a bureaucratic compliance tool). Instead, you should concentrate on good security practices, good security policies, follow recommended NIST guidance, and then come back and tie in the HIPAA regulations to make sure you don’t miss anything from the privacy side.

Also, don’t worry about finding “HIPAA auditors” initially — instead, focus on finding white hat hackers that can help you with penetration testing and hack attempts to truly focus on your threats and not on perceived HIPAA threats. Once you get beyond HIPAA as a security goal you’ll end up with much better security and then you can tie HIPAA into your privacy policies to make sure you’re not missing any major regulations.

Here’s how to proceed:

  1. Get a security policy in place — start with http://www.informationshield.com/ or http://www.instantsecuritypolicy.com. Both of these sites help you think about all the really difficult questions and options you have and help you construct a single document that would come out better than you can do on your own (initially). You can generate a pretty decent document within about 30 to 40 hours of work.
  2. As you’re getting your security documentation in place, take a look at the NIST 800-53 Information Security Policies for Federal Agencies guidance document. Why a federal agency guidance document? Because it’s thorough; most of it will be applicable to healthcare and is worth reviewing to make sure you don’t miss anything when you’re laying out your security policies and controls. Another reason to know about it is that there are lots of consultants out there that know NIST 800-53 and can help you out. Set aside about 8 to 12 hours to really get a good overview of this guidance document.
  3. Just to complete your understanding of the NIST security guidance, check out the other NIST special publications.
  4. Armed with a starter document from step #1 and a basic understanding of the NIST guidance, contact guys who are not HIPAA guys but are security policy experts (contact me privately and I can put you in touch with some) that can review your document. In less than 8 hours of work you can have the document improved in ways that you never imagined (assuming you’re talking to a security expert, not a compliance person).
  5. With a proper policy document now in place, get in touch with a security company that can help you with penetration testing and evaluating your policies in excruciating detail. HIPAA auditors are not what I mean here; I mean guys that can try to break into your system and tell you whether the policies will work and what holes you need to fill in — the “white hat” crowd. This might take as little as 20 to 30 hours or hundreds of hours, depending on the state of your security policies and actual security tools in place.
  6. Go back to the tools in step #1 and plug in all your real security holes with either policies or security tools recommended by the testing firm(s) and consultant(s) and iterate over your document.
  7. With a near-final security document in place, schedule a quarterly test and evaluation and a change control process for how you will keep your documents, real security tools, and policies in good shape. You will need to review your own logs daily, weekly, and monthly and have the experts come in no later than quarterly (monthly is even better). To see one approach to how the feds recommend doing this (again, it’s completely applicable to healthcare) check out the FedRAMP program.
  8. With your documentation now ready and a good change control process in place, now you’re (finally!) ready for the HIPAA auditors; they can now concentrate on the compliance activities and you won’t be fooled into thinking that HIPAA compliance means you’re more secure.

If you’ve got other thoughts that can help the health IT community, drop us some comments here.

TAGGED:HIPAA security
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Clinical Expertise
Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
Health care
May 18, 2025
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Health
May 15, 2025
Learn how to Renew your Medical Card in West Virginia
Learn how to Renew your Medical Card in West Virginia
Health
May 15, 2025
Dr. Klaus Rentrop Shares Acute Myocardial Infarction heart treatment
Dr. Klaus Rentrop Shares Acute Myocardial Infarction
Cardiology
May 13, 2025

You Might also Like

Health in a Networked Life

February 14, 2011

Do Not Fear Open Source Software in Medical Devices or Mission-Critical Healthcare IT Systems

September 12, 2011
dental x-rays
Dental healthSpecialtiesUncategorized

Everything You Need To Know About Dental X-Rays And 3D Imaging

July 1, 2021
Cloud Security Concerns of Small & Medium-Sized Businesses
Uncategorized

Rethinking the Outsourced Cloud – Cloud Security Concerns

September 24, 2011
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?