How to Manage HIPAA Security

ShahidShah
Last updated: 2011/09/19 at 7:01 AM
I get lots of questions about HIPAA security these days, especially as EHR firms, hospitals, payers, and startups alike are being asked about their HIPAA policies.

 


My general recommendation is that you should forget about HIPAA at first (because it’s a toothless, generally unenforceable regulation that will never improve security because it is a bureaucratic compliance tool). Instead, you should concentrate on good security practices and good security policies, follow recommended NIST guidance, and then come back and tie in the HIPAA regulations to make sure you don’t miss anything from the privacy side.

Also, don’t worry about finding “HIPAA auditors” initially — instead, focus on finding white hat hackers that can help you with penetration testing and hack attempts to truly focus on your threats and not on perceived HIPAA threats. Once you get beyond HIPAA as a security goal you’ll end up with much better security and then you can tie HIPAA into your privacy policies to make sure you’re not missing any major regulations.

Here’s how to proceed:

  1. Get a security policy in place — start with http://www.informationshield.com/ or http://www.instantsecuritypolicy.com. Both of these sites help you think about all the really difficult questions and options you have and help you construct a single document that would come out better than you can do on your own (initially). You can generate a pretty decent document within about 30 to 40 hours of work.
  2. As you’re getting your security documentation in place, take a look at the NIST 800-53 Information Security Policies for Federal Agencies guidance document. Why a federal agency guidance document? Because it’s thorough; most of it will be applicable to healthcare and is worth reviewing to make sure you don’t miss anything when you’re laying out your security policies and controls. Another reason to know about it is that there are lots of consultants out there that know NIST 800-53 and can help you out. Set aside about 8 to 12 hours to really get a good overview of this guidance document.
  3. Just to complete your understanding of the NIST security guidance, check out the other NIST special publications.
  4. Armed with a starter document from step #1 and a basic understanding of the NIST guidance, contact guys who are not HIPAA guys but are security policy experts (contact me privately and I can put you in touch with some) that can review your document. In less than 8 hours of work you can have the document improved in ways that you never imagined (assuming you’re talking to a security expert, not a compliance person).
  5. With a proper policy document now in place, get in touch with a security company that can help you with penetration testing and evaluating your policies in excruciating detail. HIPAA auditors are not what I mean here; I mean guys that can try to break into your system and tell you whether the policies will work and what holes you need to fill in — the “white hat” crowd. This might take as little as 20 to 30 hours or hundreds of hours, depending on the state of your security policies and actual security tools in place.
  6. Go back to the tools in step #1 and plug in all your real security holes with either policies or security tools recommended by the testing firm(s) and consultant(s) and iterate over your document.
  7. With a near-final security document in place, schedule a quarterly test and evaluation and a change control process for how you will keep your documents, real security tools, and policies in good shape. You will need to review your own logs daily, weekly, and monthly and have the experts come in no later than quarterly (monthly is even better). To see one approach to how the feds recommend doing this (again, it’s completely applicable to healthcare) check out the FedRAMP program.
  8. With your documentation ready and a good change control process in place, you’re (finally!) ready for the HIPAA auditors; they can now concentrate on the compliance activities and you won’t be fooled into thinking that HIPAA compliance means you’re more secure.

If you’ve got other thoughts that can help the health IT community, drop us some comments here.
