De-mystifying HIPAA for Nano Enterprises
With all the talk lately of HIPAA/HITECH Act compliance and penalties for non-compliance by 2015, we thought we would provide some insight into some basic steps “Nano Enterprises” can follow to be prepared for what’s coming. In essence: modernize the aging IT that small businesses have all gotten used to. For more details on the HIPAA laws, check out this link: www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf
One of the primary goals of “HIPAA compliance” revolves around the concept that sensitive data needs to be protected at all points in a network. This goes not only for premise-based infrastructure but also cloud computing platforms.
Here are 5 guidelines health-care providers and business owners grappling with HIPAA need to follow:
1. Access Control:
Granting varied levels of access to patient information is critical when it comes to protecting data. By employing access control policies, you can limit the users and devices that have access to your patients’ information, reducing the risk of leaking sensitive data.
2. Secure Remote Access:
With the many choices of mobile devices such as laptops, tablets and smart phones, it is very simple for employees to have access to your worksite’s systems. Make sure each device is secured while enabling traceability of end users that access your systems. A virtual private network (VPN) provides secure, permission-based remote access to your data and adds a layer of authorization/access control to your network. VPNs also enable traceability of end-user access to your networks and applications.
3. Protect Networks:
Securing the locations where patient data is stored is extremely critical. Also, implement security measures, such as firewalls and anti-virus software, that protect against breaches of confidential information. Hardware-based firewall services and web content filtering protect your network against breaches by hackers while enabling authorized traffic and regulatory compliance for your staff.
4. Adopt End-to-End encryption:
When sending any sensitive data out of your network, it is crucial that the data is always sent encrypted. And remember, when storing patient information in the cloud, it is also mandatory that it is encrypted while it is being transferred.
5. Disaster and Recovery Back-up Plan:
Be proactive and have a 2-tiered or failsafe disaster recovery plan that includes off-site back-up in addition to premise-based back-up. Practicing continuous data back-ups both locally and off-site can ensure that in the event of a disaster or breach, you can recover the information quickly and get your business running smoothly again with minimal disruption. Periodic data restores from off-site repositories are crucial to ensure that data integrity is in fact maintained and the business can bounce back from a disaster rapidly.
Fortunately, with new advancements in cloud-based technologies, it is now possible to implement many of the features defined above (and as required by HIPAA) in a single platform. Entreda’s Unify 5n1 is an affordable, cloud-powered, Unified Services Management (USM) platform that liberates health-care providers and small business owners from a host of product silos while streamlining and future-proofing their operations. Unify 5n1 provides a comprehensive set of core infrastructure services including WiFi access, VPN & firewall, automated backup, cloud-based disaster recovery, and more in a single, easy-to-set-up platform. All Entreda Unify 5n1 features are fully accessible via an icon-rich Unify IT Self-Service Console, enabling health-care professionals and business owners to manage their IT operations with the same ease of use as a modern consumer smart phone. Here is a link to learn more about Unify 5n1: www.entreda.com/unify5n1