HIPPA Compliant Network

HIPPA compliance requires that you have established all of the safeguards (technical, physical and administrative) that would serve to reasonably protect the information that is exchanged along the network. That will include an assessment of everything from the firewall to the designation and training of the individuals who have access to the data.

Here are some of the controls recommended by HIPPA.

Access Control:

 Access Control HIPAA § 164.312 (a)(1) states that each healthcare organization must implement technical procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4).

 User Identification:

 Unique User Identification HIPAA § 164.312 (a)(2)(i) requires healthcare organizations to assign a unique name and/or number for identifying and tracking user identity.

 Automatic Logoff:

 Automatic Logoff HIPAA § 164.312 (a)(2)(iii) mandates that healthcare organizations must implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.

 Authentication:

 Authentication under HIPAA § 164.312 (d) covered entities must have the proper procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

 Audits Monitoring:

 Audits and Monitoring According to HIPAA § 164.312 a covered entity must implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

 Information Control:

 Information Access Restriction Requirements & Controls Under HIPAA § 164.308 (a)(3)(i), the healthcare organization must have sufficient procedures in place to prevent unauthorized workforce members from accessing electronic protected health information (ePHI).

 Information Review

 Information System Activity Review HIPAA § 164.308(a)(1)(ii)(D) states that each healthcare organization must have procedures in place to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

 Log-in

 Log–in Discrepancies in Attempts & Discrepancies According to HIPAA § 164.308 (a)(5)(ii)(C) the organization must also monitor the log-in attempts to its system and discrepancies must be reported.