We’ve mentioned it before: we know a thing or two about HIPAA and provide many HIPAA-friendly services. Clients sometimes ask why we insist on doing things a certain way, and the answer is almost always the HIPAA Security Rule. Below are the controls we recommend for a clinic’s network, each paired with the section of 45 CFR Part 164 (the Security Rule, and for encryption the Breach Notification Rule) that it addresses. Note that many of these specifications are “addressable” rather than “required”: you may implement an equivalent alternative, but you must document the risk analysis behind that choice.
- Configure the server as a Windows Server domain controller so that every staff member has a unique login that can be created, disabled and audited centrally (unique user identification, 45 CFR 164.312(a)(2)(i); audit controls, 45 CFR 164.312(b); log-in monitoring, 45 CFR 164.308(a)(5)(ii)(C)).
- Join all workstations to that domain so that security settings are applied through Group Policy and enforced and audited from the server rather than configured by hand on each machine (45 CFR 164.310(c); 45 CFR 164.312(a)(1)).
- Create a unique account for every staff member (no shared “frontdesk” logins) and enforce password complexity, rotation and lockout through domain policy (45 CFR 164.312(a)(1); password management, 45 CFR 164.308(a)(5)(ii)(D)). HIPAA does not prescribe a specific password length or rotation interval; those values come from your own written policy, and the domain settings should match what that policy says.
- Enable full-disk encryption (BitLocker on Windows) on every workstation and laptop so that PHI on a stolen or lost machine stays unreadable (encryption and decryption, 45 CFR 164.312(a)(2)(iv)). Encrypted PHI is not “unsecured PHI” under the Breach Notification Rule (45 CFR 164.402), so losing an encrypted machine generally does not trigger notification and fines, but only if the encryption meets HHS guidance (NIST SP 800-111 for data at rest) and the key or recovery password was not lost with the device. Keep recovery keys escrowed in Active Directory, not on a sticky note in the laptop bag.
- Implement managed Windows patching on all workstations and servers, with a defined patch window, so that known Windows vulnerabilities are closed on a schedule rather than when someone remembers (risk management, 45 CFR 164.308(a)(1)(ii)(B); 45 CFR 164.308(a)(5)).
- Implement managed antivirus on all workstations and servers, with real-time protection on and definitions updated automatically (protection from malicious software, 45 CFR 164.308(a)(5)(ii)(B)).
- Implement managed content filtering on all workstations to reduce exposure to web-based phishing and drive-by downloads (45 CFR 164.308(a)(5)).
- Produce monthly reports on disk encryption, Windows patching, antivirus and content filtering status, and keep them as evidence that your policies are actually being followed (information system activity review, 45 CFR 164.308(a)(1)(ii)(D); 45 CFR 164.308(a)(5)). Security Rule documentation must be retained for six years (45 CFR 164.316(b)(2)(i)), so store the reports somewhere they will survive a workstation refresh.
- Monitor for failures in those same areas (a machine that drops out of encryption, misses patches, or reports a malware detection) and handle them through a documented incident response process (security incident procedures, 45 CFR 164.308(a)(6)).
- Implement server-based full-disk image backups with encrypted local and offsite copies to meet HIPAA’s contingency-plan requirements (data backup plan, 45 CFR 164.308(a)(7)(ii)(A); disaster recovery plan, 45 CFR 164.308(a)(7)(ii)(B)). A backup that has never been restored is not a backup: schedule test restores as the rule’s testing and revision procedures expect (45 CFR 164.308(a)(7)(ii)(D)).
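The monthly reporting item above is easiest to satisfy if the evidence is collected by a script rather than by screenshots. The following PowerShell is an added example written for this page, not Weston Technology Solutions’ own tooling. It checks four of the controls in the list on a domain-joined Windows host (domain membership, BitLocker on the system drive, patch age, Microsoft Defender status) and, where the ActiveDirectory module is available, the domain password and lockout policy, then appends the results to a monthly CSV. The cmdlets are standard Windows ones; the thresholds (30-day patch window, 7-day signature age, 12-character minimum length) and the report path are assumptions to adjust to your written policy. Content filtering and backup status are vendor-specific and are not checked here.

```powershell
# Added example, not the page's or vendor's code: per-host HIPAA control snapshot.
# Run elevated on a domain-joined Windows 10/11 or Windows Server host.
# Thresholds and ReportPath are assumptions; align them with your written policy.
#Requires -RunAsAdministrator
[CmdletBinding()]
param(
    [int]$MaxPatchAgeDays     = 30,  # assumption: monthly patch cycle
    [int]$MaxSignatureAgeDays = 7,   # assumption: AV definitions older than this are stale
    [int]$MinPasswordLength   = 12,  # assumption: your policy's minimum length
    [string]$ReportPath = "$env:ProgramData\HipaaSnapshot\$(Get-Date -Format yyyy-MM)-$env:COMPUTERNAME.csv"
)

$now = Get-Date
$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Control, [bool]$Pass, [string]$Detail) {
    $findings.Add([pscustomobject]@{
        Computer = $env:COMPUTERNAME; Checked = $now; Control = $Control; Pass = $Pass; Detail = $Detail
    })
}

# 1. Domain membership: unique, centrally audited logins need a domain-joined machine.
$cs = Get-CimInstance Win32_ComputerSystem
Add-Finding 'DomainJoined' $cs.PartOfDomain "Domain=$($cs.Domain)"

# 2. Disk encryption: the OS volume must be fully encrypted AND protection switched on.
#    A volume whose protectors are suspended is encrypted but not protected.
try {
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $ok = ($os.VolumeStatus -eq 'FullyEncrypted') -and ($os.ProtectionStatus -eq 'On')
    Add-Finding 'DiskEncryption' $ok "Status=$($os.VolumeStatus) Protection=$($os.ProtectionStatus) Method=$($os.EncryptionMethod)"
} catch {
    Add-Finding 'DiskEncryption' $false "BitLocker query failed: $($_.Exception.Message)"
}

# 3. Patching: the most recent installed hotfix must fall inside the patch window.
$latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($latest) {
    $age = ($now - $latest.InstalledOn).Days
    Add-Finding 'Patching' ($age -le $MaxPatchAgeDays) "Latest=$($latest.HotFixID) InstalledOn=$($latest.InstalledOn.ToShortDateString()) AgeDays=$age"
} else {
    Add-Finding 'Patching' $false 'No hotfix install dates reported'
}

# 4. Antivirus: Defender service enabled, real-time protection on, signatures fresh.
#    Third-party AV will make this query fail; that is reported as a finding, not hidden.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $ok = $mp.AMServiceEnabled -and $mp.RealTimeProtectionEnabled -and ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    Add-Finding 'Antivirus' $ok "RealTime=$($mp.RealTimeProtectionEnabled) SigAgeDays=$($mp.AntivirusSignatureAge)"
} catch {
    Add-Finding 'Antivirus' $false "Defender query failed (third-party AV?): $($_.Exception.Message)"
}

# 5. Account policy (only where the AD module exists, typically on the server):
#    complexity on, lockout threshold set, history kept so rotation cannot reuse old passwords.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    try {
        $pol = Get-ADDefaultDomainPasswordPolicy -ErrorAction Stop
        $ok = $pol.ComplexityEnabled -and ($pol.LockoutThreshold -gt 0) -and
              ($pol.MinPasswordLength -ge $MinPasswordLength) -and ($pol.PasswordHistoryCount -gt 0)
        Add-Finding 'PasswordPolicy' $ok "MinLen=$($pol.MinPasswordLength) Complexity=$($pol.ComplexityEnabled) Lockout=$($pol.LockoutThreshold) History=$($pol.PasswordHistoryCount) MaxAgeDays=$($pol.MaxPasswordAge.Days)"
    } catch {
        Add-Finding 'PasswordPolicy' $false "AD query failed: $($_.Exception.Message)"
    }
}

# Persist the monthly evidence (append, so one file per month per host) and show failures
# so they can be routed into the incident process.
New-Item -ItemType Directory -Path (Split-Path $ReportPath) -Force | Out-Null
$findings | Export-Csv -Path $ReportPath -NoTypeInformation -Append
$findings | Format-Table Control, Pass, Detail -AutoSize
$findings | Where-Object { -not $_.Pass }
```

Schedule it from a Group Policy Preferences scheduled task or your RMM so every domain machine reports without anyone remembering to run it, and copy the CSVs to a server share that is itself in the backup set; a report that lives only on the workstation it describes disappears with that workstation. Any row with Pass = False is the trigger for the incident-handling item in the list above.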
Confused about HIPAA and whether your technology is actually helping you comply? Contact us today at 541-383-2340 or email [email protected] to talk to one of our account managers about how Weston Technology Solutions can help your clinic become more HIPAA compliant.