Health Information Compliance Alert
Prepare to Accept These IM Security Risks
PDF
Your firewall won't catch viruses sent via an instant message.
Tackle these security danger zones before you use any rapid messaging system, advises Tom Walsh, a security expert at Tom Walsh Consulting in Overland Park, KS.
1. IMs use an unprotected port.
E-mails enter and leave your electronic network through a port in your firewall that scans all e-mails and their attachments for known viruses.
IMs, on the other hand, enter and leave your network through a completely different, unsecured port that does not scan any attachments.
2. You cannot verify IM users.
Any person using a commercial IM application can create a screen name that looks legitimate. It's almost impossible to verify that the person sending you an IM is who he or she claims to be.
Example: A remote user asks you through an IM to reset her password. You ask her to supply a piece of identifying information. She supplies several types of information, including the last four digits of her Social Security number. Why it's not
enough: Though the user provided several pieces of hard-to-know data, a criminal could acquire all of it through social engineering or other form of data theft.
The bottom line: You must only send IMs across your closed, protected network. And any user needing tech support must use either telephone or e-mail to request help.
Health Information Compliance Alert
- Compliance Update:
OIG Calls for Crackdown on Faulty HIPAA Security
Prepare for scrutiny of your security practices in 2009. Now's not the time to let [...] - Compliance Update:
CMS Outlines E-prescribing Initiative in 2009 Physician Fee Schedule
Final Rule also spruces up PQRI incentives. Times are changing, and physicians and need to [...] - Security:
Know What Contract Best Protects
When do TPAs fit better than BAAs? The answer may surprise you. A business associate [...] - Security Compliance:
You Can Safely Send Instant Messages --" Here's How
Think sending instant messages will shut down your systems? Think again. Allowing your employees to [...] - Security Strategies:
Don't Let an Emergency Wipe Out Your Security Compliance
Create a contingency plan that will prepare your staff members to handle any disaster. Don't [...] - Clip 'N' Save:
Use This Tool to Ensure Correct Documentation
Hold on to this information or kiss your security compliance goodbye. If you can't rattle [...] - Security Tip:
Prepare to Accept These IM Security Risks
Your firewall won't catch viruses sent via an instant message. Instant messaging can streamline your [...] - You Be The Security Expert:
Are We Violating Patient Privacy When We Call the Police?
Question: Our front line staff are excellent at calming upset patients, but recently one client [...] - Reader Questions:
Protect PHI With Automatic, Locked Screensavers
Question: Our IT department wants to require that each workstation's password-protected screensaver come on after [...] - Reader Questions:
Don't Withhold Patients' Medical Records
Question: A few of our patients have asked for a full, unedited copy of their [...]