Working as an IT manager for a Medicare healthcare company that has passed many HIPAA requirements, I have learned a few things.
Sure, HIPAA is hard to decipher, but by sticking to strong IT best practices for security in your infrastructure you will not have to learn all of the complexities.
Here is a short list:
I strongly recommend looking into Citrix to lock down your medical applications and data. Keep your servers in a secure offsite datacenter and use a backup site for DR/BCP. Consolidate as much as possible with virtualization. Build interfaces to all applications and avoid things like file shares. If you must use Word/Excel docs, use a DMS system to keep permissions tight. Remote access should always require two-factor authentication and endpoints should be screened. Encrypt all your backups, including images and tape.
If you work for a decent size company in another industry, wouldn't you architect things this way anyways? HIPAA just says you have to.
HIPAA compliance is about much more than keeping your client(s) happy. The only way to adhere to compliance regulations like HIPAA is by following a very systematic set of steps. Failing to meet the expectations of regulatory compliance auditors can result in hefty fines and/or a loss of credibility, so it is essential for all organizations to understand those expectations and the means of meeting them.
What works for one organization may not work for another, but there is an arsenal of third-party regulatory compliance solutions that can help. Before making any purchases, it is of course necessary to do the research and find what works best for your organization, but the NetWrix Change Reporter Suite is a helpful solution. The Change Reporter Suite was inexpensive and easy to use. It automates daily audit reports that allow IT administrators to monitor all Active Directory, VMware, MS Exchange, Group Policy, SQL Server and File Server changes.
So before assuming that you are in compliance with HIPAA regulations because all of your clients are happy, consider the risks and damages that can be done to your organization by way of one failed audit report. It is definitely worth looking into third-party solutions like the NetWrix Change Reporter Suite, which automates the steps necessary to ensure strict adherence. Learn more about HIPAA compliance here: http://netwrix.com/HIPAA_Compliance.html.
Stephen Schimmel, Product Manager, NetWrix Corporation
www.netwrix.com
I agree, Gary. HIPAA legal jargon is more than confusing. It's so complex and difficult to read that it can be hard to know for sure whether or not a given organization is adhering to HIPAA compliance regulations.
Where I differ in opinion, however, is when you say that by doing what is best for your client, you are being HIPAA compliant. Of course I understand that you don't mean this literally, but the penalties and stigma attached to failed HIPAA audits are far too steep to leave in such an "up-in-the-air" philosophy. It is absolutely essential for all required organizations to do everything possible to ensure HIPAA compliance, as based on the concrete standards provided by the statute. There are several solutions that help IT administrators sidestep the legal jargon by automating the adherence process. NetWrix Corporation is one of them. NetWrix offers solutions designed specifically to meet the standards of HIPAA auditors: auditing of disabled accounts, automated de-provisioning of inactive user accounts and automated disabling and removal with full reporting; centralized consolidation and easy-to-use reporting of all successful and failed logon/logoff activities with extensive filtering capabilities; etc.
Take a look at how NetWrix can make HIPAA compliance an automated procedure at http://www.netwrix.com/HIPAA_Compliance.html
Thanks for your insight Gary,
Stephen Schimmel
Product manager
NetWrix Corporation
www.netwrix.com
If anyone is interested in talking about offsite backup and recovery, or hosting capabilities, please reach out to me at 847 585 1470.
Established in 2001, and based in the Chicago suburbs, we have successfully completed over 1200 data related projects across the globe and are a SAS 70 Type II (soon to be SSAE 16) certified Managed Service Provider.
Our two most popular offerings are the UbiStor managed disk-to-disk backup/recovery offering and our virtual hosting options. The data backup solution will allow you to eliminate backup tape systems and all of the costs/shortcomings that come with tape backup. Our encrypted on-line data backup process safely moves your data to our secure offsite locations while eliminating the need to perform manual tape based back-ups. Virtual Hosting allows you to transition critical applications or servers to a secure Tier 4 data center to reduce your exposure and keep your business online. Both can become an integral part of your business continuity and disaster recovery plans.