The new American Recovery and Reinvestment Act provide
money to support designing and implementing new ways of transmission and storage
of electronic health care data. This new law requires there to be significant
change in privacy and security regulation related to electronic health records.
These new requirements will help stop snooping incidents from happening by
requiring you to implement tighter data security controls.
This white paper discusses best practices related to
securing patient information. More proactive controls need to be put in place
to provide better authentication, authorization and auditing capabilities around
health care related information. In order to do this you need to control access
to core systems and applications as a first layer of security. For a second
layer you need to control access down to the data level. Additionally there
needs to be security at the operating system level to prevent unauthorized
access by administrators as a third layer of protection. Lastly, you need to
make sure you provide a mechanism to consolidate activity and event logs, and
provide meaningful audit reporting.
As you move forward with trying to implement these new
health care data requirements you need to consider access management solutions.
By using access management solution the administration cost can be reduced, and
can make health care professionals more productive. You may find that an
access management system makes it easy to implement a HIPPA compliant solution
that will reduce your organizations security risk when dealing with electronic
medical records.