ePHI is vulnerable to compromise in every state it is in: at rest (in databases and files), in motion (being transmitted through networks), in use (being updated or read), and at disposal (discarded paper files or electronic storage media).
Encryption adds an extra layer of security to ePHI: even if someone gains access to or reads ePHI, the chances of it being compromised diminish if it is encrypted. Encryption makes the data unreadable and unusable by unauthorized persons. When ePHI is transmitted through networks, it may be accessed by unauthorized persons, compromising it. This type of unauthorized access may not be immediately known, but it can cause significant damage.
Major Mitigation
ePHI should be encrypted and there must also be reasonable and appropriate mechanisms in place to prevent access to ePHI so that it is not accessed by persons or software programs that have not been granted access rights.
There are many different encryption methods and technologies to encrypt data in motion (SSL, VPN) or at rest. Choose the methods and technologies that best meet the physician’s office requirements.
Success criteria
The risk analysis/assessment reports will provide a clear indication of whether these types of risks exist or have been mitigated with appropriate controls.
Assessment
Audit logs that track access to ePHI can be reviewed periodically to check whether there has been unauthorized access by persons or software programs that have not been granted access rights.
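The periodic review described above can be automated along these lines. This is an added example, not part of the original article; the log layout (timestamp, principal, kind, action, record ID), the access-rights table and every name in it are constructed assumptions.

```python
import csv
import io

# Constructed access-rights table (assumption): principal -> actions granted on ePHI.
ACCESS_RIGHTS = {
    "dr.lee": {"read", "update"},
    "frontdesk1": {"read"},
    "svc-billing": {"read"},  # a software program that has been granted a right
}

# Constructed audit log: timestamp, principal, kind (person/program), action, record ID.
SAMPLE_LOG = """\
2024-03-04T09:12:00,dr.lee,person,update,PT-1001
2024-03-04T09:15:31,frontdesk1,person,update,PT-1001
2024-03-04T23:47:02,svc-backup,program,read,PT-1002
2024-03-04T23:48:10,svc-billing,program,read,PT-1002
this line is truncated
2024-03-05T02:03:44,temp-intern,person,read,PT-1003
"""

def review_audit_log(log_text, rights):
    """Return (findings, unparsed): accesses without a granted right, and bad line numbers."""
    findings, unparsed = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(log_text)), start=1):
        if len(row) != 5:
            # Surface malformed entries; a gap in the audit trail also needs review.
            unparsed.append(lineno)
            continue
        ts, principal, kind, action, record = (field.strip() for field in row)
        granted = rights.get(principal)
        if granted is None:
            reason = "principal has no access rights"
        elif action not in granted:
            reason = f"action '{action}' not granted"
        else:
            continue  # access matches a granted right
        findings.append({"line": lineno, "time": ts, "principal": principal,
                         "kind": kind, "action": action, "record": record,
                         "reason": reason})
    return findings, unparsed

if __name__ == "__main__":
    findings, unparsed = review_audit_log(SAMPLE_LOG, ACCESS_RIGHTS)
    for f in findings:
        print(f"{f['time']} {f['kind']} {f['principal']} {f['action']} "
              f"{f['record']}: {f['reason']}")
    print("unparsed log lines:", unparsed)
```
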
ABOUT
Mr. Shahid N. Shah is an internationally recognized healthcare thought-leader across the Internet. He is a consultant to various federal agencies on technology matters and winner of Federal Computer Week’s coveted “Fed 100” Award in 2009. Over a twenty-year career, he built multiple clinical solutions and helped design and deploy an electronic health record solution for the American Red Cross and two web-based eMRs used by hundreds of physicians with many large groupware and collaboration sites. As ex-CTO for a billion-dollar division of CardinalHealth, he helped design advanced clinical interfaces for medical devices and hospitals. Mr. Shah is senior technology strategy advisor to NIH’s SBIR/STTR program helping small businesses commercialize healthcare applications. He runs four successful blogs: At http://shahid.shah.org he writes about architecture issues; at http://www.healthcareguy.com he provides valuable insights on applying technology in health care; at http://www.federalarchitect.com he advises senior federal technologists; and at http://www.hitsphere.com he gives a glimpse of HIT as an aggregator. Mr. Shah is a Microsoft MVP (Solutions Architect) Award Winner for 2007, and a Microsoft MVP (Solutions Architect) Award Winner for 2006. He also served as a HIMSS Enterprise IT Committee Member. Mr. Shah received a BS in computer science from the Pennsylvania State University and MS in Technology Management from the University of Maryland.
Ransomware by a different name
My dad liked to say, “I have only been wrong once in my life… And that time, I thought I was wrong, but I was really right.”
“Hackers Break Into Virginia Health Professions Database, Demand Ransom – Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site’s homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.” By Brian Krebs for The Washington Post, May 4, 2009.
http://voices.washingtonpost.com/securityfix/2009/05/hackers_break_into_virginia_he.html
In 2009, it wasn’t called “ransomware.”
DK Pruitt DDS