HIPAA Compliance

Health information is required by law, under the HIPAA "Privacy Rule", to be protected. BorderLAN helps to bolster education through technology and shows how automatic defenses help mitigate the risk of non-compliance. The four primary ways breaches occur that lead to HIPAA violations, listed by importance according to our research, are: mail transmission, encryption, lost laptops, and local data vs. server data. A simple strategy can be developed to provide simple, low-cost products and services that assist in protecting against the most common breaches. Monitoring technologies such as log management and SIEM also exist to ensure visibility into all parts of the network.

HIPAA contains a Privacy Rule, which establishes Federal protections for the privacy of protected personal health information.

Effects of Breaches

  • Fines from state and federal auditors
  • Civil liability from losses
  • Loss of patients
  • Third-party health systems refusing your patients or referrals

Problems Complying With HIPAA

HIPAA protection does not come from one product. Solid data protection comes from a group of products and policies addressing the common ways in which data is lost, stolen or transmitted outside the provisions of the Act. Typical HIPAA-compliant organizations have SIEM technologies, email encryption, a firewall, AV, Internet filtering, remote (Citrix-like) access so that nothing is stored on PCs or laptops, encrypted USB drives, and secure EMR servers.

How to stay Compliant?

  • Be informed! If needed, BorderLAN can give you a free Compliance Checklist.
  • Determine the holes in your defenses, then patch them and supply solutions.

HIPAA History

  • HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) was passed into law in 1996. The law requires health-related entities to adopt national standards for electronic health care transactions. The Privacy Rule included in HIPAA applies to health plans, healthcare providers and health clearinghouses, all of which have electronic communication about health care cases, patient information and transactions.
  • 2003: By the compliance date of April 14, 2003, any entity subject to the HIPAA law must have measures in place to protect data and all communication of patient information. This includes safeguarding against misuse both internally and externally. Civil penalties apply if the standards set by the law are not met.

*The Rule does not replace State or Federal laws that provide individuals even greater privacy protections. The new Omnibus Rule, effective March 2013, has even more reporting and notification requirements and also covers contractors and subcontractors of the healthcare organization.