The Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the regulations promulgated there require all healthcare providers, health insurance plans, and certain other health industry participants to take specific, measurable steps to protect the confidentiality, integrity, and availability of the protected health information (PHI) they maintain. While much of HIPAA focuses on data privacy, most healthcare providers and payers are culturally conditioned to treat medical records with privacy. However, HIPAA also requires covered entities to secure their data systems; this is an area where many healthcare providers lack experience and expertise.
A complete HIPAA security program will include policies and procedures, audit capabilities, as well as physical, technical and administrative safeguards. Such a program will start with an analysis to determine the risks to the system and the information stored there. Much of the information that is useful for identity theft is contained in PHI, and medical identity theft is a growing problem that can result in tremendous damage and even death. The need to insure the security of this information cannot be exaggerated.
No security program is complete without the ability to test the system against threats to privacy and security, from both within and outside the organization. CSI External Penetration Test, Social Engineering Test and iScan Remote Internal Vulnerability Assessment are useful tools in any HIPAA security program and provide the following advantages:
- Helps ensure compliance with the HIPAA Security Rule
- Assists in initial risk assessment testing and in regular check-ups
- Addresses internal weaknesses and external threats
- Reduces the likelihood of intrusion for medical identity theft or other identity theft
- Reduces risk of violations, fines and penalties
Your HIPAA privacy and security efforts are too important to the health of your organization to leave out the important aspects of improper internal access and external penetration of your system. Protect your systems with a cost-effective solution.