BreachExchange mailing list archives

HIPAA Compliance – Why It's Critical To Have An IT Maintenance And Security Policy


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 15 Sep 2015 19:06:30 -0600

http://www.healthitoutcomes.com/doc/hipaa-compliance-why-it-s-critical-to-have-an-it-maintenance-and-security-policy-0002?atc~c=771+s=773+r

It is often a neglected topic of IT management and HIPAA compliance, but
the maintenance of an IT Infrastructure and its security policies are
critical to the success of any healthcare operation’s HIPAA compliance
program.

Correct and regular maintenance will help IT infrastructures and systems
run smoothly and make them less likely to break down or get hacked –
ensuring effective performance, and also helping to reduce support costs
while meeting security compliance requirements.

A Maintenance Policy

A smooth-running network starts with defining a good IT Maintenance Policy,
which should also include upkeep related to security hardware and software
as well as any systems that provide security and functions needed for
HIPAA compliance.

A basic IT Maintenance Policy should include an interval schedule for
things like archiving old materials, deleting redundant files to free up
space and defragmenting hard drives so things can be accessed more quickly.

Server OS software updating is critical for any good IT Maintenance Policy.
This ensures that systems have the latest software updates, which help
maintain the security of the entire IT Infrastructure. The policy should
also cover updating any other software, such as MDM software, anti-virus
and mobile apps that are used by staff, including HIPAA compliant secure
messaging apps like TigerText.

If you don’t perform regular updating, your IT network won’t fail
immediately; however, neglecting these maintenance tasks over long periods
of time increases the risk of hacking attacks which could penetrate the
network and cause data loss and, in turn, HIPAA violations.

Besides the dangers of hacking and data loss, not having a routine IT
Maintenance Policy can cause slow systems and crashes, and create a
shortage of space for new files. This includes not only the servers, but
also desktop computers, tablets, and mobile phones that all access the IT
Network.

Strong Security

A good IT Maintenance Policy also needs to include strong security
maintenance to ensure the network is protected against hacking and outside
threats or attacks.

IT Security Maintenance tasks include performing regular scans for viruses
and spyware, backing up data frequently and changing passwords on a regular
basis. There are many great tools to protect your business IT
infrastructure – Symantec, McAfee, EMC, etc. – so there’s no excuse for
failing on the security front.

Although the main focus of many IT managers is protecting the servers and
the basic network infrastructure, many are now finding out that it is the
mobile devices on the network that can pose a large security threat.
An IT Maintenance Policy that only focuses on the servers is easier for
many IT managers to implement because it is relatively centralized.

The problem is that unless the IT Maintenance and Security Policy includes
all the desktops and mobile devices, then it is missing one of the most
important parts of the IT Infrastructure – the web browser.

The web browser is a central focus for today’s cyber crime, and its
vulnerabilities are commonly known and exploited. This is done via email
links and when users visit a malicious website. That is why it is critical
for success to make certain that your IT Maintenance Policy ensures
desktops and mobile devices connected to the network have the latest
antivirus and security software installed.

It is also important to plug security vulnerabilities by using robust
enterprise software, backup procedures and apps to help guarantee security.
By having a well-thought-out and encompassing IT Maintenance and Security
Policy in place, enterprise organizations, in healthcare especially, will
be able to offer their staff, customers and shareholders the confidence
that the company and personal data is secure and that HIPAA compliance can
be met.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
