Healthcare compliance training and discussion blog

Archive for April, 2010

Network Security Audit- Ensuring HIPAA Compliance


Electronic transmission of confidential patient health information across organizational and public networks requires protection against unauthorized access. The HIPAA compliance norms require health entities to build an audit capability into the network, so that a complete record of past and present health-care transactions is kept. A security audit brings accountability to the system and helps pinpoint the responsible party when the privacy of patient health information is breached.

The audit system should offer features that allow complete monitoring of the computer network and bring unusual activity to the administrators' notice before it becomes a security lapse. If a lapse does occur, the auditors can establish how and when the event happened and who did it. An ideal network audit system should have the following features:

  • Record the time and nature of every login, whether authorized or unauthorized. Visible logging deters hostile users, who know they are under the spotlight, and at the same time keeps tabs on what information authorized users access.
  • Record the log-off time, the identity of the user and the type of information accessed before log-off.
  • Provide a detailed report on unsuccessful logins, including the username, the number of attempts, and the date and time of each. This feedback is used to raise vigilance and further strengthen the network.
  • Pinpoint the objects accessed, such as a file or directory, and whether the content was read, copied, deleted or modified. It should report on the integrity of the content, so that when changes are made the administrators know whether they were authorized.
  • Maintain a complete record of the start-up and shutdown times of the local system.
  • Maintain a complete record of both successful and unsuccessful logins by authorized users.
  • Store and protect audit data for the required retention period, so that the records themselves cannot be altered or deleted to cover tracks.
  • Give auditors easy access to the data they need.
  • Monitor message flow into and out of the network. The audit should track who sent a message to whom and what it contained.
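As an added example (not code from the original article, and not a product of the author or of empowerbpo.com), the following Python shows three of the functions above over a handful of constructed audit records: the unsuccessful-login report with username, attempt count and timestamps, a per-user session summary of login, logout and objects accessed, and a hash chain that makes later tampering with stored records detectable. The JSON record format, the field names and the sample events are assumptions made for the example.

```python
"""Audit-trail helpers for an access log of the kind the article describes.

Added example, not code from the original page. The record format (one JSON
object per line with ts/event/user/result/object/action/src fields) and the
sample records below are constructed for illustration.
"""
import hashlib
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample audit records; jdoe's session and rsmith's failed logins
# are invented for this example.
SAMPLE_LOG = """\
{"ts": "2010-04-02T08:01:12", "event": "login", "user": "jdoe", "result": "success", "src": "10.0.4.21"}
{"ts": "2010-04-02T08:03:40", "event": "access", "user": "jdoe", "object": "/records/patient/4471", "action": "read"}
{"ts": "2010-04-02T08:05:02", "event": "login", "user": "rsmith", "result": "failure", "src": "10.0.4.77"}
{"ts": "2010-04-02T08:05:09", "event": "login", "user": "rsmith", "result": "failure", "src": "10.0.4.77"}
{"ts": "2010-04-02T08:05:15", "event": "login", "user": "rsmith", "result": "failure", "src": "10.0.4.77"}
{"ts": "2010-04-02T08:05:22", "event": "login", "user": "rsmith", "result": "failure", "src": "10.0.4.77"}
{"ts": "2010-04-02T08:09:51", "event": "access", "user": "jdoe", "object": "/records/patient/4471", "action": "modify"}
{"ts": "2010-04-02T08:12:00", "event": "logout", "user": "jdoe"}
"""


def parse_log(text):
    """One JSON object per non-empty line -> list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def failed_login_report(events, threshold=3, window_seconds=300):
    """Users whose failed logins reach `threshold` inside any `window_seconds`
    window, with the count, first/last timestamp and source addresses."""
    failures = defaultdict(list)
    for e in events:
        if e.get("event") == "login" and e.get("result") == "failure":
            failures[e["user"]].append(e)

    report = {}
    for user, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        times = [datetime.fromisoformat(e["ts"]) for e in evs]
        peak, start = 0, 0
        for i in range(len(times)):          # sliding window over sorted times
            while (times[i] - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, i - start + 1)
        if peak >= threshold:
            report[user] = {
                "attempts": len(evs),
                "first": evs[0]["ts"],
                "last": evs[-1]["ts"],
                "sources": sorted({e["src"] for e in evs}),
            }
    return report


def session_summary(events, user):
    """Login/logout times and the (object, action) pairs touched in between."""
    summary = {"login": None, "logout": None, "objects": []}
    for e in events:
        if e.get("user") != user:
            continue
        if e["event"] == "login" and e.get("result") == "success":
            summary["login"] = e["ts"]
        elif e["event"] == "logout":
            summary["logout"] = e["ts"]
        elif e["event"] == "access":
            summary["objects"].append((e["object"], e["action"]))
    return summary


def chain_records(events):
    """Hash-chain the records: each digest covers the record and the previous
    digest, so editing or deleting an earlier record breaks every later link."""
    prev = "0" * 64
    chained = []
    for e in events:
        payload = json.dumps(e, sort_keys=True, separators=(",", ":"))
        digest = hashlib.sha256((prev + payload).encode()).hexdigest()
        chained.append({"record": e, "prev": prev, "hash": digest})
        prev = digest
    return chained


def verify_chain(chained):
    """Recompute the chain; return the index of the first bad link, or -1."""
    prev = "0" * 64
    for i, link in enumerate(chained):
        payload = json.dumps(link["record"], sort_keys=True, separators=(",", ":"))
        expected = hashlib.sha256((prev + payload).encode()).hexdigest()
        if link["prev"] != prev or link["hash"] != expected:
            return i
        prev = link["hash"]
    return -1


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(failed_login_report(evs))
    print(session_summary(evs, "jdoe"))
    chain = chain_records(evs)
    chain[1]["record"]["action"] = "delete"      # simulate tampering with a stored record
    print("first bad link:", verify_chain(chain))
```

The hash chain only makes tampering detectable; to also prevent it, the chain head should be written to storage the logging host cannot modify (append-only media, a separate log server, or a periodically signed checkpoint), otherwise an intruder with write access can simply rebuild the chain.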

Health service providers must ensure HIPAA compliance of their networks, otherwise they risk severe civil penalties or criminal prosecution. The security of health information stored in the organizational network or flowing in and out of it is of paramount importance. A well-chosen auditing system keeps round-the-clock watch over the computer network, raises alarms against hostile intrusion, and makes any breach that does occur detectable and attributable. This is completely in line with HIPAA compliance norms.

The security audit protects the patient health information in the network through continuous vigilance.

Jason Gaya

Read more on HIPAA compliance at, www.empowerbpo.com

Ensuring HIPAA Compliance Through Network Penetration Testing


Health service providers and their business associates are required to deliver services to their customers as per HIPAA compliance norms. Electronic transmission of patient health information across private and public networks makes it binding on every health service provider to implement a strong network security policy.

The HIPAA compliance norms now shape how service providers implement, monitor and audit the security of their networks. The steady arrival of new security products on the market and the changes in security policies make it quite difficult for health service providers to select the right security tools for their networks.

One good option is network penetration testing. The network is targeted by a simulated attack that mirrors a real hacking attempt, and the results are analyzed to find the strengths and weaknesses of the system. If the attack succeeds, the path of intrusion is studied to pinpoint the weakness in the defenses, and that path is closed so that a real attack along it is thwarted in future.

Automated network penetration testing software reduces the need to hire expensive security consultants, who take more time to reach conclusions and recommend changes to the existing network. Network technology is changing rapidly and so is the severity of hostile attacks, so it is necessary to keep a constant check on the network's ability to identify and stop hostile intrusion. A simulated attack launched by a penetration testing system helps gauge how well the network's security would withstand a real attack, and the automated findings are used to remove the weaknesses and fortify the network further.

An automated penetration testing product is a cost-effective supplement to manual testing: it saves time and money and makes the security audit repeatable. It does not replace a skilled tester, because automated tools look for known classes of weakness and miss flaws that need human judgement, but used regularly it helps the service provider's networks withstand attacks from hackers and malware. This is completely in line with HIPAA compliance norms.

Network penetration testing boosts the security of the computer networks.

Jason Gaya,

Read more on HIPAA compliance at, www.empowerbpo.com

HIPAA Compliance- Selecting the Right Biometric Technology


The prime agenda of HIPAA is to protect the privacy of patient health information and to simplify health insurance transactions between service providers and patients. To accomplish this it lays special emphasis on converting patient medical records from paper to electronic format, so that patient health information can be managed easily by the different health entities.

Any covered healthcare entity that fails to protect patient health data as per HIPAA compliance norms invites strict penalties and criminal prosecution. As health transactions are carried out over the internet, health service entities must provide a very secure access system, so that genuine users can transact safely while hostile intruders are kept at bay.

Biometric technology uses unique physical characteristics (fingerprint, iris, retina) and behavioral characteristics (signature, keystroke pattern, voice print) that are enrolled in the system to create a secure and unique identification for each user.
For a health service provider it is of paramount importance to select the right biometric system, one that is easy to implement and use. Below are some important features such an access system should have:

  • Easily deployable. The devices should be cost-effective and user-friendly so that users can access services without difficulty.
  • Quick enrollment and matching. The system should let the service provider gather the user's biometric data quickly and compare it against the stored template.
  • Proper training and vendor support for installation, integration and tuning of the devices.
  • A high degree of accuracy. The false-acceptance rate (FAR, impostors wrongly admitted) and false-rejection rate (FRR, genuine users wrongly turned away) move in opposite directions as the matching threshold is tightened or loosened; the threshold at which they are equal gives the crossover error rate (CER). A lower CER indicates a more accurate system, and the threshold actually deployed can then be biased toward a lower FAR where security matters more than convenience.
  • Customized to the environment. In patient admission, nursing, billing and administration a fingerprint scanner will work well, but it will fail in clinics and labs where latex gloves are worn.
  • Support for interoperability, so that data from different biometric devices can be exchanged and compared. Combining two or more different types of device also gives greater assurance and makes the access system much harder to defeat.
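The FAR/FRR trade-off and the crossover error rate, as an added example that is not part of the original article or any vendor's product: the Python below sweeps the decision threshold over constructed match scores, reports FAR and FRR at each threshold, finds the crossover point (the CER, also called the equal error rate), and shows what FRR a site pays when it insists on a lower FAR. The score lists and the accept-if-score-reaches-threshold rule are assumptions made for the example.

```python
"""FAR, FRR and the crossover error rate from match scores.

Added example, not from the original page. The match scores below are
constructed: higher means a closer match, and a sample is accepted when its
score reaches the decision threshold. Real systems measure these rates from
enrollment trials with many subjects; the numbers here only show the method.
"""

# Constructed scores: genuine = the enrolled person presenting themself,
# impostor = someone else presenting against that person's template.
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.79, 0.75, 0.70, 0.66, 0.60, 0.55]
IMPOSTOR_SCORES = [0.10, 0.18, 0.25, 0.31, 0.38, 0.44, 0.50, 0.58, 0.63, 0.72]


def rates_at(threshold, genuine, impostor):
    """FAR = share of impostors accepted; FRR = share of genuine users rejected."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def candidate_thresholds(genuine, impostor):
    """Every observed score is a candidate cut-off; +inf means 'reject all'."""
    return sorted(set(genuine) | set(impostor)) + [float("inf")]


def crossover_error_rate(genuine, impostor):
    """Return the threshold where FAR and FRR are closest; the CER is their
    value there (lower CER = more accurate device)."""
    best = None
    for t in candidate_thresholds(genuine, impostor):
        far, frr = rates_at(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return {"threshold": t, "far": far, "frr": frr, "cer": (far + frr) / 2}


def operating_point(genuine, impostor, max_far):
    """Lowest threshold whose FAR does not exceed max_far, and the FRR that
    genuine users pay for it. Tightening FAR never lowers FRR."""
    for t in candidate_thresholds(genuine, impostor):
        far, frr = rates_at(t, genuine, impostor)
        if far <= max_far:
            return {"threshold": t, "far": far, "frr": frr}


if __name__ == "__main__":
    for t in (0.5, 0.6, 0.7):
        print(t, rates_at(t, GENUINE_SCORES, IMPOSTOR_SCORES))
    print("crossover:", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("FAR <= 0.1:", operating_point(GENUINE_SCORES, IMPOSTOR_SCORES, 0.1))
    print("FAR == 0:", operating_point(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```

On the sample scores the crossover is at threshold 0.63 with FAR = FRR = 0.2; forcing FAR down to 0.1 moves the threshold to 0.66 at the same FRR, and a zero FAR costs an FRR of 0.4, so four genuine users in ten would be turned away. When comparing two devices, compare their CERs measured on the same population and in the same environment (gloved hands, lighting, noise), since the scores themselves are not comparable across products.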

The right biometric system provides the desired level of security without creating operational hassles for users, patients or health service providers. This serves the objectives of the HIPAA compliance norms well, which are the security and simplification of patient health transactions.

The right biometric technology provides increased security at reduced costs.

Jason Gaya

Read more on HIPAA compliance at, www.empowerbpo.com

Employing Biometrics to Ensure HIPAA Compliance


Health service providers must place safeguards in their systems to protect the privacy of patient health information. The authentication system forms the first line of defense for the computer network, and it is the service provider's responsibility to make it as resistant to unauthorized access as possible. Biometric technology offers a strong solution. Biometrics works on the principle of using the physical and behavioral characteristics of the individual user as credentials that he or she always carries and can present as and when needed. This is in line with HIPAA compliance norms. The common physical characteristics used by biometric technology to build a user authentication system are:

  • Fingerprints- Every human being, including identical twins, has a different fingerprint pattern, and this is used to verify the user. It is the most widely tested method used in biometric access.
  • Hand Geometry- The shape and measurements of the hand are used to create a unique identification for the individual user.
  • Retina- This technique analyses the layer of blood vessels at the back of the eye. It is a non-contact method: the user looks into a receptacle containing a camera that scans the retina and matches it against the data stored in the system.
  • Iris- The colored ring around the pupil is used as a verification mark, because every human being has a unique iris pattern.
  • Facial Scan- A digital camera captures a digitized facial image of the user, which is stored in the database and matched against the user's face at the time of access.

The behavioral characteristics that are used effectively in biometric authentication systems are:

  • Signature- Characteristics such as the speed, pressure and shape of the signature are stored in digital form against the individual's record and matched whenever he or she accesses the system.
  • Voice Recognition- The voice of the individual is used to create a voice print. This voice print or pattern is unique in nature and is used to identify the individual user.
  • Keystroke Pattern- The keystroke pattern of the one user varies from the other. The dynamics of the keystroke of individual is stored and matched when he or she types into the system.

A biometric trait cannot be forgotten or lent to someone else, and forging it is far harder than stealing a password, so biometrics provides a high level of defense against hostile intrusion. But biometric templates that are stored in a central pool can be stolen or tampered with by malware or a hacker, and unlike a password a compromised fingerprint cannot be changed. One answer is to store the individual's biometric template on a smart card. The card stays with the user, and the template is presented to the host network through a card reader only at the moment of authentication. This arrangement makes it easier to protect the patient's personal identity and health data, because the template is no longer held on the host computer and the central store is removed as a target. Combining biometric techniques such as fingerprint and voice print raises the bar for a hostile intruder still further, and this is completely in line with HIPAA compliance norms.

Biometric identification provides a strong defense against hostile intrusion.

Jason Gaya

Read more on HIPAA compliance at, www.empowerbpo.com

Smart Card- Ensuring HIPAA compliance


The HIPAA law centers on two primary policies: conversion of paper records into electronic format, and creation of a secure network that exchanges, processes and stores confidential patient health information. The prime objective is to simplify health administration procedures and at the same time ensure the security of electronic transactions related to the billing, insurance, identity and health of the patient.

To protect the privacy of patient health information, a very secure access system is needed through which patients can log into the health-care network and avail themselves of services such as online treatment, health insurance and billing, and a host of other online health services, as per HIPAA compliance norms.
An access system that supports patient health transactions well should fulfill these criteria:

* Availability of usable health information.
* Integrity of the stored data.
* Privacy of the patient health information.

This is where the smart card provides a good solution. It contains a microchip embedded in the plastic card. The chip stores details of patient identity, health records, medical history, insurance details and other crucial information, protected by digital signature and encryption. The stored information cannot be changed without authorization, and this helps maintain the integrity of the health information.

Whenever the card is inserted into the card reader, the microchip acts as the interface with the host computer and lets the patient access online health services or supply the requisite information to the healthcare network. As the patient identity and health information is already stored on the card, it need not be entered manually every time the patient accesses the network. In addition, the smart card greatly reduces the scope for unauthorized access to patient health information, because no confidential health information is left behind on the host computer once the card is removed.

The patient's access record is updated at regular intervals and fed back to the end user, which helps the user keep complete watch over his or her health-care transactions. Passwords are stored on the card, so it is easy and safe for the user to access the information: he or she does not have to remember them or note them down somewhere, which is an unsafe practice.

The smart card supports biometric identification such as iris scan, fingerprint and facial recognition. This provides a very strong user authentication system, one of the key requirements of HIPAA compliance norms. The smart card gives immediate access to health-care services and at the same time protects the integrity of the stored data through its security features.

Smart cards provide very secure patient health transactions.

Jason Gaya

Read more on HIPAA compliance at, www.empowerbpo.com

Ensuring HIPAA compliance in Voice Documentation System


HIPAA compliance in the office voice documentation system is mandatory to guarantee safe processing of patient health information over telephone lines. It is quite difficult to process patient health details safely over conventional telephone systems in the busy environment of the modern office. The authorized user can make errors while noting down the patient's health or insurance information, and the privacy of that information can also be compromised in such an environment.

A well-designed voice documentation system should be installed in the office. It should capture the call completely and store it as a voice file in an electronic folder that can be searched and accessed by authorized personnel. It should offer recording features that allow users to highlight portions of a recording, add comments or notes, and share the information with other authorized users. This gives end users flexibility and provides a verification backup that can be used to correct any communication or documentation errors concerning patient health information.

To ensure HIPAA compliance in the voice documentation system it is necessary to incorporate the following features.

  • A user authentication system that allows only authorized personnel to access the voice files needed for their task.
  • A detailed backup plan to protect the stored information, and defenses against hostile intrusion, whether from malware or a hacker.
  • A proper audit system that logs the time, place and nature of the information accessed by each authorized user. This creates accountability in the system and is in line with HIPAA compliance norms.
  • Voice documents that cannot be changed or deleted, only appended to with newer recordings, so that the integrity of the recorded call is maintained.
  • Voice files that never leave the secure environment of the central pool. They are shared with other authorized users only through a link sent in encrypted form via email, so the file cannot be downloaded but only played back from the central pool. This protects the integrity of the stored information by restricting access to authorized personnel only.

The voice documentation system plays a crucial role in the daily processing of the patient health information, whether it is an insurance claim or fixing up an appointment with the doctor. The goal is to protect the privacy of the patient health information. A secure telephone recording system ensures HIPAA compliance and thus protects the covered entity from the liabilities in form of penalties and criminal prosecution.

A secure voice documentation system protects confidential patient health information.

Jason Gaya

Read more on HIPAA compliance at, www.empowerbpo.com