The Department of Health and Human Services (HHS) released even more safeguards for patients' health information. The primary change is the Omnibus Rule, which says any improper use will be considered a breach and would result in mandatory notification requirements. The Omnibus Rule also extends the requirements of HIPAA privacy to all business associates of physicians and all subcontractors doing business with physicians. The official deadline for the Omnibus Rule is March 26, 2013. Proper policies and technologies should be implemented immediately to ensure compliance. Some helpful technologies for HIPAA that BorderLAN Network Security supplies are:
- Email encryption – helps physicians communicate securely about patients with contractors, third-party medical facilities, hospitals, and even home healthcare practitioners.
- Intelligent antivirus – enterprise-level AV software that watches not only for known threats but also helps prevent emerging threats and zero-day attacks.
- Desktop security software – helps prevent leaks caused by end users loading programs or malware, knowingly or unknowingly.
- Bring your own device – enterprise server that can accept and remember guest connections to Wi-Fi, and ensure those devices are scanned according to policy before being allowed on the network.
- Proper web filtering – high-capacity servers that mitigate users' web activity and help prevent web-based threats, downloads, Hotmail and other potential holes and breaches for HIPAA.
- USB prevention and data loss prevention – software that enforces security policies on endpoints both on the network and off the network.
See Products from BorderLAN (http://borderlan.com/products/) for more information, or contact us.
Kentucky Retirement Systems proactive in its approach to email encryption.
When you offer both health insurance and retirement related financial services to more than 300,000 members, ensuring their personal information is protected is the highest priority.
Kentucky Retirement Systems (KRS) takes this goal very seriously. It has put in place rigorous data protection policies at all levels of operation.
“We are fully committed to securing every member’s personal information,” said Mike Burnside, KRS’ Executive Director. “We’re proactive about protecting this type of data and try to go above and beyond what’s expected. It’s the right thing to do. Our Board of Trustees is also actively involved in ensuring the protection of our members’ information.”
KRS is the public pension system for almost all of Kentucky’s government and public employees, with close to 1,400 employers paying into the retirement fund. For members who are 65 and older, it’s also a self-funded health insurance entity covered by the Health Insurance Portability and Accountability Act (HIPAA).
Early need for encrypted email
“Early on we identified email as an area that needed to be addressed,” said Mark McChesney, KRS’s Information Security Officer. “People appropriately talk about social networking sites being dangerous in terms of security, but the critical application for us is email because it’s simple to use. Email is the way people communicate, and it’s an easy way to inadvertently expose data. There’s lots of opportunity for bad things to happen with unsecured email. Email is certainly something you should be encrypting.”
KRS carefully researched email encryption solutions and chose Zix Corporation (ZixCorp). “Probably one of the most significant changes and improvements in our infrastructure has been the addition of the secure email solution,” McChesney said. “The biggest point of exposure we’ve had, whether it has
DeviceLock, Inc. announced that University of Alabama-Birmingham (UAB) Health System, one of the most prestigious health care organizations in America, is entering Phase II of its implementation of DeviceLock endpoint security controls. The organization implemented DeviceLock in “observation mode” via its deep auditing, shadowing and forensic reporting capabilities for over a year in a mixed Novell® and Microsoft® network operating system environment. The analysis of end-user data handling practices justified approval of DeviceLock’s access controls to ensure data security compliance and use of specifically assigned encrypted USB storage devices for any data moving off the network to removable media.
The deployment of Phase II controls will ensure that the health system’s policies, procedures and security technologies are enforced and well aligned with its data protection goals, as well as compliant with HIPAA and the Health Information Technology for Economic and Clinical Health Act (HITECH) provisions of the American Recovery and Reinvestment Act of 2009 (ARRA). During the initial evaluation phase, DeviceLock auditing revealed exactly where data loss was occurring.
“It’s not unusual to hear from the field that DeviceLock more than proved itself in ‘observation-mode’ pilot testing,” remarked David Matthiesen, Director of Sales-Americas, DeviceLock, Inc. “It’s common for enforcement controls to be the next logical step once you have made an assessment and formulated a policy regarding removable media.”
The combined solution allows the UAB Health System to set a DeviceLock access policy that limits users to connecting only an IronKey® or another approved encrypted device to their PCs and laptops for the purpose of portable storage. Other specialty USB-based medical devices would also be whitelisted in DeviceLock’s flexible policy. Should any of the IronKey secure portable storage devices be lost or stolen, the hardware encryption would prevent stored data from being penetrated by any unauthorized person.
“We have a large, complex and multi-NOS environment dealing with requirements for handling acute patient care, research and education; so there is absolute need to support a wide variety of USB-mounted device types,” comments David Gardner, Data Security Specialist, UAB Health System. “We found DeviceLock to be the most cost-effective solution for endpoint device management after months of product evaluation. It has proven itself to be one of the biggest ‘bangs for the buck’ in our arsenal of information security controls.”