Do you deal with sensitive health care information in your office? You may be a doctor, lawyer, massage therapist or even a supplier to a hospital. With the Health Insurance Portability and Accountability Act (HIPAA) now in full force, you are required by law to ensure that no identifiable health information is ever available to a person who is not authorized to receive it. Part of that responsibility is ensuring that your network and security protocols are up to date. Often this may include using an effective anti-spam filter to keep employees from inadvertently opening your company to phishing attacks.
HIPAA Compliance In Healthcare
What many companies do not know is that this new legislation requires every Business Associate, and each of its subcontractors, to comply with the legislation's new protection requirements. Essentially, any information that falls under the definition of Protected Health Information (PHI) must be protected by the primary care institute and all its contractors and subcontractors.
PHI is defined by the legislation as essentially any unique identifying numbers or information and includes contact information, birth, death, discharge and treatment dates, social security numbers, finger and voice prints, photographs and medical record numbers.
If any of your clients are related to the medical field at all and you provide a service or product to them that provides you with PHI, you must also protect that information according to the standards of the law.
HIPAA Security Compliance
As a Business Associate (BA), new rules under the legislation can hold you and your company responsible for any breach of information that falls under its purview. Security compliance under this legislation is quite comprehensive in securing the private information of patients.
Essentially, you need a contract in place with your client, and the security protocols for your business must also meet the legislative standards. This includes having acceptable network security protocols as well as staff who are properly trained to handle security issues that may arise, such as email containing spam, phishing attacks or malware.
Spam is one of the most prevalent sources of the backdoor hacking attacks, phishing scams and malware that can infect your network. Effective anti-spam filters provide a first line of defense that is much better equipped to reduce your exposure to these security intrusions than employees who are not trained in network security.
By eliminating the threat before it even reaches your employee's inbox, you remove the potential security threat in advance. These types of security protocols are exactly what the HIPAA compliance department is looking for when investigating PHI breach complaints. Has your company taken the necessary steps to protect the PHI in your care to the best of your ability and within the regulations of the legislation?
Understanding your burden of care when it comes to PHI and HIPAA is necessary when dealing with the medical industry, either directly or as a subcontractor. Ensure your network security protocols and anti-spam filters are effective at preventing attacks on your information before they begin.
For some more tips, check out the webinar: How To Protect Against Links, Malware Phishing