Health Information Compliance Alert
New Software May Not Be Necessary
PDF
Question: Since the security reg is 'technology-neutral' and doesn't require CEs to buy new software, can we get by with coming up with something on our own? Are we going to get nailed by the feds if there's a security incident and our security plan software isn't viewed as being compliant by the feds? Answer: "There is absolutely nothing in the final security rule that is not already incorporated into the software products that are in common use today," says Harry Smith, president of the Denver chapter of the International Systems Security Association.
Chicago Subscriber
Smith says many security product vendors will try to sell you expensive solutions, claiming that you won't be compliant without them. "Don't fall for any 'HIPAA hype,'" he warns, adding that there are three aspects of technical security, which he calls the three "As": authentication, access control and audit.
Almost every operating system, database system, and patient information system includes built in controls that address the three As.
Most likely, "all you'll have to do is dust off the User's Guide and figure out how to ensure that everyone has his own user account and password, and set the appropriate file permission for sensitive information.
Health Information Compliance Alert
- COMPLIANCE STRATEGY:
Preempt Potential Privacy Violations With These 8 Tips
Perform regular audits before the feds audit you. Regularly auditing your HIPAA compliance program is [...] - SECURITY:
With Sanctions Policies, 'Shame On You' Just Won't Do
From warnings to termination, you must show determination. Not having a sanctions policy in place [...] - SECURITY TOOL:
Capture Your Audit Findings, Begin Corrective Action With This Form - SECURITY:
Analyze This! Or Face Security Rule Risks
4 easy steps to set up your risk analysis plan. Even though you likely performed [...] - SECURITY:
Tales From Encryption: Don't Turn E-mail Security Into A Horror Story
Try these new solutions to secure e-mail transmissions. If you haven't evaluated both data in [...] - Not Sure Whether Encryption's For You?
4 examples will help you decide. Using the five variables enumerated by Jim Sheldon-Dean (see [...] - YOU BE THE SECURITY EXPERT:
Are Virtual Signatures HIPAA Compliant?
Question: What is the purpose of an electronic signature? How would it protect our patients' [...] - READER QUESTION:
Trashing Hard Copies? Not So Fast
Question: How should our medical practice dispose of hard copies of files?
Missouri Subscriber
Answer: There's [...] - READER QUESTION:
New Software May Not Be Necessary
Question: Since the security reg is 'technology-neutral' and doesn't require CEs to buy new software, [...]