Archive for the ‘HIPAA’ Category

Healthcare CIO Puts USB Ports on the Disabled List

Thursday, July 29th, 2010

Finally, a story about a CIO who takes on the data security threat from USB sticks and thumb drives. Earlier this week a short article entitled “Data Security is The CIO’s Constant Challenge” appeared in Health Data Management News. It is the story of Chuck Christian, CIO at Good Samaritan Hospital, Vincennes, Indiana, and his IT department, and their efforts to protect private healthcare information and ensure HIPAA compliance.

Chuck explained “Earlier this year, Good Samaritan went well beyond its laptop policies, disabling USB ports across the computers connecting to its network.  It was a pre-emptive move to preclude inappropriate data transfers to easily lost devices.”

Chuck Christian explained that disabling the USB ports definitely resulted in changes in behavior, not least from the hospital’s purchasing manager, who wanted to buy thumb drives in bulk. Chuck’s response – “I said no.” To the credit of Chuck and his IT department, they implemented a number of secure alternatives so that hospital staff could still get their jobs done.

It’s as simple as that. If you are in charge of data security, “Just say no” when someone even suggests using a USB stick or bringing one into the workplace, and give them a secure alternative, such as Accellion secure file transfer.

Chuck Christian you are our Accellion Hero of the week.
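For readers who want to check whether their own Windows machines actually block USB mass storage the way Good Samaritan’s do, here is an added audit script (written for this page; it is not the hospital’s or Accellion’s code). It reads the two places Windows records such a block: the start type of the USBSTOR driver, and the Removable Storage Access policy values under the removable-disk device class GUID. The function name, the “compliant” rule (driver disabled or write access denied) and the optional enforcement switch are this example’s own choices.

```powershell
# Added example, not from the original article: audit (and optionally enforce)
# a block on USB mass-storage devices on a Windows host. Run elevated.

function Test-UsbStorageBlocked {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # When set, disables the USBSTOR driver so new USB disks are not mounted.
        [switch]$Enforce
    )

    # USBSTOR start type: 3 = manual (device loads on demand), 4 = disabled.
    $usbstorPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $usbstor = Get-ItemProperty -Path $usbstorPath -Name Start -ErrorAction SilentlyContinue
    $driverDisabled = ($null -ne $usbstor) -and ($usbstor.Start -eq 4)

    # Group Policy "Removable Disks: Deny read/write access" writes Deny_Read /
    # Deny_Write under this device-class GUID (removable disks).
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    $policy = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue
    $denyWrite = ($null -ne $policy) -and ($policy.Deny_Write -eq 1)
    $denyRead  = ($null -ne $policy) -and ($policy.Deny_Read  -eq 1)

    if ($Enforce -and -not $driverDisabled) {
        if ($PSCmdlet.ShouldProcess($usbstorPath, 'Set USBSTOR Start = 4 (disabled)')) {
            Set-ItemProperty -Path $usbstorPath -Name Start -Value 4
            $driverDisabled = $true
        }
    }

    [PSCustomObject]@{
        ComputerName           = $env:COMPUTERNAME
        UsbStorageDriverDisabled = $driverDisabled
        RemovableDiskDenyWrite = $denyWrite
        RemovableDiskDenyRead  = $denyRead
        # Example's own rule: data cannot be copied out if either control holds.
        BlocksDataExport       = ($driverDisabled -or $denyWrite)
    }
}

# Report only:
Test-UsbStorageBlocked
# Preview what enforcement would change, without changing it:
# Test-UsbStorageBlocked -Enforce -WhatIf
```

Two caveats worth knowing before relying on this. Disabling USBSTOR stops new USB disks from being mounted, but it does not cover phones and cameras that connect as MTP/PTP devices, which use a separate Windows Portable Devices class; those need their own policy. And a registry edit on a single machine is easy to undo; in a hospital-sized fleet the setting belongs in Group Policy, with the audit above run periodically to catch drift.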

HIPAA Hazard – Shipping CDs via FedEx

Wednesday, July 7th, 2010

This week Lincoln Medical and Mental Health Center of NY suffered an embarrassing data breach resulting from a lost FedEx shipment of CDs. More than 130,000 medical records were exposed in this breach, and it is small consolation to read that “Siemens was promptly directed to suspend further transport of CDs by the carrier.” Of particular note in this data breach is the fact that both Siemens and Lincoln Medical and Mental Health Center thought it was an okay idea to ship CDs of unencrypted healthcare data as part of a standard business process, until of course a shipment went astray. Did the word HIPAA never come up? Why would anyone think it is a good idea to ship CDs of unencrypted healthcare data when there are readily available secure file transfer solutions?

DataLossDB, the Open Security Foundation’s project that tracks data breaches, lists 134 data breaches from Snail Mail affecting 2729 Organizations in its database. This week’s Lincoln data breach adds one more organization that has experienced the security hazards of shipping sensitive information unencrypted via the mail.

Email Attachments – Misconceptions Compromise Security

Wednesday, March 3rd, 2010

Are organizations aware of the security risks from email attachments? Generally not.

With email attachments typically accounting for more than 70% of e-mail volume, the bulk of the data on email systems resides in the attachments, not in the message bodies. Unfortunately, in many organizations the management of email attachments is an afterthought, leading to security vulnerabilities.

The disturbing reality is that users will try to force as much information through email as they can get away with. Without adequate security controls in place, users commonly send confidential information unprotected as email attachments. When users hit email attachment size limits, they rapidly seek out unsecure IT workarounds such as thumb drives, CDs and P2P file sharing, just to get their job done.

So why the apparent lack of concern regarding the security of email attachments? Here are just 3 of the common misconceptions:

•  Misconception #1: E-mail attachments are limited to 10MB; therefore, the risk of a data breach from file transfer is minimal.
•  Misconception #2: FTP is available; therefore, the risk of a data breach from file transfer is minimal.
•  Misconception #3: We haven’t experienced a security breach from unsecure file transfer, so the risk of a data breach from file transfer is minimal.

To learn how these common misconceptions compromise security read the full article published in Enterprise Systems this week.

Given the increased profile of data breaches and updated and extended compliance regulations such as HIPAA, now is not the time to ignore security vulnerabilities. Organizations, large and small, are waking up to the hazards of email attachments and are deploying managed file transfer solutions to protect confidential information and ensure compliance.

Give us a call if you would like to review the security of email attachments and investigate deployment of a managed file transfer solution to protect your organization.

New HIPAA Regulations Go Into Effect – Accellion to the Rescue

Thursday, February 18th, 2010

After much buildup, the new HIPAA regulations finally go into effect this week. As of February 17, 2010, Business Associates must be in compliance with the HIPAA Security Rule. HIPAA.com provides a good resource for all the rules and regulations related to HIPAA compliance, with catchily titled articles such as “Know your 5010 from your ICD-10”.

How does Accellion help with HIPAA compliance? Let me count the ways.

1) Test results, medical images, physical examination reports, health insurance notifications, and all forms of personal health information fall under the HIPAA compliance requirements. Accellion provides the security and encryption to ensure the secure transfer of sensitive files containing personal health information.

2) Accellion provides comprehensive tracking and reporting of every file transfer to ensure that only authorized recipients may receive and access sensitive file transfers.

3) Accellion eliminates the need for unsecure FTP servers.

4) Accellion eliminates the use of unsecure USB sticks for sharing medical data.

Many hospitals and healthcare networks have already implemented Accellion managed file transfer to ensure HIPAA compliance – check out our healthcare customers here and in today’s press release.

If you are subject to HIPAA compliance – we are here to help.

New HITECH Act raising blood pressure for some

Wednesday, December 16th, 2009

The new HITECH Act that goes into effect February 2010 places new requirements on healthcare organizations for the protection of personal health information (PHI).

The Healthcare Information Management and Systems Society (HIMSS) announced the findings of a national survey of hospitals and business associates on the state of healthcare vulnerability to data breach. 68 percent of all hospitals indicated that the HITECH Act’s expanded breach notification requirements will result in the discovery and reporting of more incidents, and 57 percent reported that they now have a greater level of awareness of data breaches and breach risk.

Organizations are just coming to terms with the implications of the new regulations, and some interesting interpretations are being proposed. While the regulations appear quite clear on the need to secure the transfer of confidential patient information, in particular via email, the lack of regulations regarding the use of text messages is raising questions. If sending an unsecured email with the message “Your blood pressure is too high” will get you into trouble with HIPAA, what will happen if you text this message?

A good rule of thumb for keeping on the right side of HIPAA regulations is that unsecured communication is unsecured communication, whether it be via text, email or file transfer. The new HITECH Act is intended to protect personal health information, so that means securing it in transit.