CDA Journal - October 2021: Pediatric Patients, Parenting and the Pandemic

Page 59

Regulatory Compliance

C D A J O U R N A L , V O L 4 9 , Nº 1 0

Compliance With HIPAA Rules Supports Cybersecurity CDA Practice Support

M

alicious cyber actors are much in the news and the public consciousness these days because their actions are having a broader impact on everyday life. For example, the ransomware attack on Colonial Pipeline earlier this year disrupted the fuel supply and created widespread panic-buying of gas.1 Although the federal government is growing its cybersecurity response,2 individuals and smaller organizations must take steps to ensure the security of their own systems. For health care organizations, the HIPAA Security Rule provides minimum standards for safeguarding electronic information systems. Malicious cyber actors may seem like the “scary strangers” of horror stories, but they can also be an unaware insider in an organization who, either purposely or by accident, figuratively leaves the door open for a thief to slip through. This is the employee who clicks on a phishing email or uses an easy-toguess password. The HHS Office for Civil Rights (OCR) noted that an analysis of health care data breaches determined 61% were perpetrated by outside entities and 39% by insiders.3 Two HIPAA Security Rule standards govern what a covered entity should do to ensure access to patient information is appropriate. These standards include access control and information access management.

Access control is a technical standard with four implementation specifications: ■  Unique user identification. ■  Emergency access procedure. ■  Automatic logoff. ■  Encryption/decryption. The first two items are required and the second two items are “addressable.”

An addressable specification must be implemented unless the covered entity has a good reason not to and will instead implement an alternative that is similarly effective. Having unique user credentials for access to a network and to individual applications is a fundamental security

O C TOBER 2 0 2 1 LDM_CDA_Journal_1.3_Square_LindaBrown_05_23_17.indd 1

659

5/24/2017 9:21:40 PM


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.