Is Your Computer Network Secure Enough for HIPAA? 5 Best Practices
When it comes to protecting patient health information and complying with HIPAA, your health organization is under more pressure than ever before. Nationwide, HIPAA noncompliance fines totaled $19.3 million in 2017. Penalties have increased more than 300% since 2015. In this blog post, learn if your computer network is secure enough for HIPAA compliance.
Passing a HIPAA inspection by the Health and Human Services (HHS) Office of Civil Rights (OCR) hinges on your network security. Computer networking and cybersecurity experts recommend taking these five key steps now.
1. Set up your firewall or UTM with the application-level inspection.
One of the most important aspects of network security is your firewall or Unified Threat Management (UTM) appliance. Your firewall or UTM should be set up to authenticate access for every application that works with patient data.
2. Configure your UTM to block outside file transfers and peer-to-peer exchanges.
Whenever a user attempts to transfer a file outside of a designated application, or to unapproved storage media, the action should be blocked. An unsecured device could lead to a costly data breach.
Even if an employee is attempting to transfer patient health information to another storage medium as part of legitimate job duties, the request needs to be denied in order to keep the information secure.
3. Create separate VLANs for HIPAA and non-HIPAA use.
One common networking mistake is setting up one-size-fits-all security. But if every endpoint communication is subject to deep packet inspection, it could slow down your network or interfere with the performance of certain enterprise apps.
There is a better solution recommended by IT security: separate those users and endpoints who need access to patient health information from those who don't. Use your firewall to route traffic between VLANs. That way, you avoid slowing down your entire network.
4. Expand your storage to archive all firewall logs.
Because HIPAA regulations require you to log, audit, and monitor all access to patient health information, your storage needs will grow over time. Look for scalable and reliable cloud storage solutions that are secure for archiving medical data logs.
5. Get a network assessment before your next HIPAA audit.
According to the U.S. Department of Health & Human Services, 69% of HIPAA complaints result in corrective action. Noncompliance fines are rising sharply.
To minimize the risk of failing a HIPAA audit, get a network assessment from the cybersecurity experts. Intelligent Technical Solutions provides total security solutions to keep patient health information secure, make sure your organization stays HIPAA compliant, and help you avoid expensive fines.
To start your network assessment, contact ITS today. Intelligent Technical Solutions is a Cybersecurity Company. We set up, maintain and secure the technology of small and mid-size businesses across the metro area. Our mission is to help businesses thrive by managing their technology.