HIPAA Top 5 Protection Steps
Submitted by Ekta on Thursday May 13, 2010
The Health Insurance Portability and
Accountability Act (HIPAA) sets specific guidelines for any site that stores or
transmits Personal Health Information (PHI). This can be in one location or
between different locations. It can be internal or external and still require
the same safeguards. The Security Rule and the Privacy Rule require
technical and physical controls over the integrity and privacy of PHI. In
addition, access to PHI must be restricted to authorized
personnel only.
1. Conduct a Risk Assessment
Section 164.308(a)(1) of HIPAA requires an organization to conduct a risk
analysis before any solution is implemented. It is important to know your
network’s vulnerabilities. Officials must understand what type of information
might get exposed, who might expose it, and how and where it could be exposed. The
result of this analysis will facilitate the creation of security policies and
procedures.
2. Take a Multi-Layer Approach
A single technology cannot provide complete protection. Implementing firewalls,
anti-virus software, anti-spam, and intrusion prevention are just some of the
things needed to keep patient data completely secure. Your production
environment should be protected from your development environment. You need to
know what attacks are taking place at each layer of security.
3. Don’t Forget About Email
More patient data is breached through email than any other source. It is
crucial to have secure email and full content filtering. You need both inbound
and outbound filters for personal health information protection.
4. Implement Policies
Employees must be educated on the security policies of an organization, why the
policies are important and how to protect confidential information. Electronic security
training is the first step in this important process. Implement a security
awareness and training program for all members of the workforce, including
management.
5. Backup Your Data Offsite (Securely)
Offsite data backup has become the easier and safer alternative to the
outdated tape method. Offsite data backup offers multiple encryption methods,
sophisticated file search availability, and complete automation. You can
recover your data swiftly and test your backup information quickly for accuracy
and completeness.
About the author
Hi, I am Ekta from India!
