HIPAA Security Rule | Cybersecurity Insights #2

July 25, 2019 posted by



Welcome back!
Josh here from Absolute. If you recall, last time we saw how the HIPAA Privacy Rule tells us WHICH data need protection. In this episode, we'll explore the HIPAA Security Rule to see HOW to protect that data. The Security Rule spells out safeguards that are like having a map, a compass and coordinates that guide you toward Data Protection Utopia. And there are three safeguard buckets: Administrative, Physical and Technical.

Administrative safeguards create an atmosphere where data protection is just woven into the day-to-day operation. Physical safeguards are the observable and tangible garrisons for PHI. Things like: locked rooms, server cages, secure workstations, disposal facilities… And then there are Technical safeguards, where technology itself gets pressed into service to shield our most valuable data.

Access Controls enable users to get to the minimum necessary to prevent unauthorized access to PHI. Audit Controls are the hardware, software and procedures that examine systems to validate those defenses. That's right! There is a federal law demanding that every device, app, server, network connection and so forth, all go under the microscope. Integrity controls help to make sure that health data is never altered or destroyed in any unauthorized way.

This is probably the biggest challenge when scaling Mt. HIPAA-Compliance. Recently a federal judge upheld a penalty for more than four million dollars on a world-renowned healthcare provider, when they were unable to prove that a missing laptop was secure. That's expensive! Administrative, Physical and Technical safeguards are not suggestions, but legal requirements for anyone working with health data.

Protecting PHI is hard. Protecting PHI on far-flung devices is even harder! But when you have a line-of-sight and continuously monitor all the pockets where PHI can hide, you can leap over those hurdles and satisfy the Security Rule.

Be sure to drop your questions in the comments section below, and don't forget to subscribe. I'll see you next time.

2 Replies to “HIPAA Security Rule | Cybersecurity Insights #2”

  1. Absolute says:

    0:19 – Skip the Intro

  2. Josh Mayfield says:

    It's hard to secure PHI on a vast sea of endpoints circling the globe. If you want to learn more about how Absolute is solving this conundrum, take a look at our HIPAA Evaluation Guide: all you need to know to secure PHI on every device. https://goo.gl/tZSBzE
