HIPAA

Security Basics (Part Nine) APPROACHES TO INFORMATION SECURITY IMPLEMENTATION

Posted by Thomas Davon on

Information security must be taken seriously, and the measures needed to protect information should be in place and properly implemented. Protecting information assets is an incremental process. It requires coordination, time, and patience to be done effectively. A good approach to information security should be one that begins at the grassroots and works up to the top. An approach to information security that works from the grassroots to the top is known as a bottom-up approach to information security. Here, the management or administrators of an organization are responsible for improving the security of their systems. This...



Security Basics (Part Eight) COVERED ENTITIES

Posted by Thomas Davon on

The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules only apply to those considered by the law as Covered Entities (CE). Does this mean that not every health care provider is a Covered Entity (CE)? The answer is not a straight yes or no, because even though you may not consider yourself a CE, you are still subject to state privacy laws and national laws that govern the use and disclosure of patients’ Protected Health Information (PHI). This means that as a health care provider you are expected to ensure that all information you create,...



Security Basics (Part Seven) INFORMATION SECURITY AND BUSINESS

Posted by Thomas Davon on

People will try anything to get around rules and laws. It is quite saddening that no matter how good a law is and no matter how much it tries to protect the interests of people, there will always be people who want to circumvent those laws to have their selfish interests served. This attitude of circumventing procedures and laws can also be observed in information security and, as a matter of fact, it is quite on the rise. With the recent shift from centralized mainframe computing and data processing to the use of distributed...



Security Basics (Part Six) UNDERSTANDING PHYSICAL SAFEGUARDS

Posted by Thomas Davon on

Health care providers need to understand what physical safeguards really mean. They are one way for organizations to ensure the safety of the information in their keeping. Physical safeguards are the first line of defense in securing data against any form of threat. The weaker or more porous your physical safeguards are, the more opportunity you give for theft of and unauthorized access to Protected Health Information. According to the Department of Health and Human Services (HHS), physical safeguards are physical measures, procedures and policies that are kept in place in order to protect...



Security Basics (Part Five) INFORMATION SECURITY AND ACCESS CONTROLS

Posted by Thomas Davon on

Access control is a very important aspect of information security. It is concerned with how a health care provider controls the level of access to Protected Health Information and who gets that access. Not everyone should be able to view certain information, especially not without the necessary permission from the right persons. Good and adequate access control by a health care provider ensures the privacy and security of information. A good access control practice by a health care provider would be one that allows even authorized persons to only gain access to the information that is necessary for just the...
