When it comes to violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, the stakes can be high. Recently, the New York Presbyterian Hospital and Columbia University agreed to settle, in the amount of $4.8 million, charges that they potentially failed to secure thousands of patients' electronic protected health information (ePHI) held on their network.
To prevent costly breaches such as this one from happening, Netwrix Corporation, the provider of change and configuration auditing software, suggests the following best practices every health care organization or insurance provider should implement and maintain to ensure HIPAA compliance.
1) Establish Strict Policies - When enacting stringent compliance policies and procedures across your IT infrastructure, ensure that they work to prevent risk at every level, from user applications all the way through the operating systems and down to the infrastructure level.
2) Enact Controls to Verify Policies Work - Having strict compliance policies achieves the desired effect only if you can verify that those policies are actually working. Consider an auditing solution validating that those policies are working, or alert and report when they are violated.
3) Ensure Your Visibility is Deep - All the policy controls in the world will not protect your organization if it cannot be substantiated by audit reports that prove your compliance. To ensure your organization's compliance, use an auditing solution that will give you complete visibility across your IT infrastructure with relevant reports that can be easily submitted to an auditor.
4) Get Proactive - As your infrastructure becomes increasingly complex, changes can be more difficult to track. By employing an automated change auditing solution, you can detect breaches as soon as they appear and take all the necessary steps before sensitive information is compromised, thus avoiding compliance violations and costly penalties.
5) Be Prepared for Increasingly Strict Requirements - As more breaches occur, compliance regulations are sure to become more stringent. By proactively preparing your organization with an automated compliance auditing solution today, you can be ready for any future compliance requirements or regulations that may be enacted.
"One of the main purposes of compliance regulations is the prevention of breaches and violations; and as a new breach occurs, authorities gather to investigate the root causes and possible prevention mechanisms," said Michael Fimin, CEO of Netwrix. "With each new, highly visible violation, we can expect compliance requirements to become stricter and compliance audits to be more thorough. By employing simple steps to assure automated change and compliance auditing, organizations can safeguard themselves from the threat of devastating violations and penalties."
Source: Netwrix Corporation
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.