Two Essential Tools to Protect Your Patient’s ePHI

HIPAA is:

  • A law that governs a person’s ability to qualify immediately for health coverage when they change employment (dependent on the employer’s program)
  • Rules for Data Interchange
  • Regulations protecting the security and privacy of Protected Health Information (PHI)

And it applies to:

  • Covered Entities
      ◦ Health Care Providers
      ◦ Health Care Clearinghouses
      ◦ Health Plans
  • Business Associates

One of the most essential elements of a HIPAA compliance program is the security risk analysis, the requirement to “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information.”

To conduct a risk analysis successfully, you’ll need two of the most important tools in the healthcare provider’s security tool chest: vulnerability scanning and penetration testing. While these two tools might not be “required,” per se, the risk analysis requirement imposes an obligation to identify and document the “risks and vulnerabilities to the CIA of ePHI,” which would be very challenging (if not impossible) to do without them.

You see, a penetration test evaluates the strength of the security controls on a computer system and network, including administrative, physical, operational and technological controls. A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. Together, they keep hackers out and keep patients’ sensitive data in.

Tune in to our upcoming webinar, What is Penetration Testing and Why Your Organization Needs One, to learn what penetration testing and vulnerability scanning are, how they differ, and when you should use them.
