By: Online HIPAA Security Training

Online HIPAA Security Training — Thu, 31 Dec 2009 13:47:20 +0000

I would like to further add few points on HIPAA Security Standards: Technical Safeguards Technical safeguards are hardware, software, applications, etc. that can be implemented and/or used to act as barriers to inappropriate access or disclosure, limit access to authorized users, and act as filters protecting against any inappropriate electronic traffic (firewalls, web filters, etc.). These safeguards enforce privacy and security without necessarily requiring active participation of workforce members. However, they should be regularly monitored and tested by appropriate staff. Examples of technical safeguards are: • Computers automatically logging off when inactive for extended periods • Using password-protected and timed screen savers • Being sure anti-virus, anti-spam, and anti-spy software and a firewall are installed and active and that signature files and patches are current • Requiring some kind of authentication for access (passwords, smart cards, biometrics, etc.) • Assigning access appropriate to job or business needs; all other access is automatically denied • Setting audit alerts to notify IT when certain unauthorized actions occur • Blocking certain Internet sites and e-mail content • Disabling copying mechanisms and potentially the ability to print certain documents on computers (networked or standalone) • Automatically encrypting transmissions of PHI and e-mail containing PHI • Using a VPN (virtual private network) for transmitting data and for remote user communication

Comments on: Reasonable, appropriate, adequate…security (Part I)

By: Online HIPAA Security Training