5 Steps To Better HIPAA Security

By Katie Wike, contributing writer

A rash of HIPAA violations has led The Netwrix Corporation to suggest five ways to boost security and avoid HIPAA compliance breaches.

In May, two New York Hospitals reached the largest HIPAA settlement with OCR to date, paying out nearly $5 million. Upon investigation, “OCR found that insufficient precautions had been taken to ensure that the server was secure. Additionally, OCR found that neither entity had conducted an accurate and thorough risk analysis that identified all systems accessing electronic PHI, which meant that the entities had neglected to develop an adequate risk management plan for electronic PHI.  NYP had also failed to implement sufficient policies and procedures regarding accessing its databases that contain electronic PHI.”

In light of these recent breaches, Netwrix Corporation, suggests the following best practices every healthcare organization or insurance provider should implement and maintain to ensure HIPAA compliance.

1. Establish Strict Policies - When enacting stringent compliance policies and procedures across your IT infrastructure, ensure that they work to prevent risk at every level, from user applications all the way through the operating systems and down to the infrastructure level.
2. Enact Controls to Verify Policies Work - Having strict compliance policies achieves the desired effect only if you can verify that those policies are actually working. Consider an auditing solution validating that those policies are working, or alert and report when they are violated.
3. Ensure Your Visibility is Deep - All the policy controls in the world will not protect your organization if it cannot be substantiated by audit reports that prove your compliance. To ensure your organization's compliance, use an auditing solution that will give you complete visibility across your IT infrastructure with relevant reports that can be easily submitted to an auditor.
4. Get Proactive - As your infrastructure becomes increasingly complex, changes can be more difficult to track. By employing an automated change auditing solution, you can detect breaches as soon as they appear and take all the necessary steps before sensitive information is compromised, thus avoiding compliance violations and costly penalties.
5. Be Prepared for Increasingly Strict Requirements - As more breaches occur, compliance regulations are sure to become more stringent. By proactively preparing your organization with an automated compliance auditing solution today, you can be ready for any future compliance requirements or regulations that may be enacted.

"One of the main purposes of compliance regulations is the prevention of breaches and violations; and as a new breach occurs, authorities gather to investigate the root causes and possible prevention mechanisms," said Michael Fimin, CEO of Netwrix. "With each new, highly visible violation, we can expect compliance requirements to become stricter and compliance audits to be more thorough. By employing simple steps to assure automated change and compliance auditing, organizations can safeguard themselves from the threat of devastating violations and penalties."