While HIPAA was enacted in 1996 significant changes occurred in recent years that place significant financial risks on dental practices, physicians offices and all Covered Entities and their Business Associates. The 2009 HITECH Act modified the data breach law and funded enforcement programs with performance incentives given to the US Department of Health and Human Services Office for Civil Rights. State attorneys general were given authority to enforce the HIPAA civil penalties. The result; more enforcement has happened over the past 3 years then the previous 7 years combined.
In 2012 and 2013, unprecedented penalties are being assessed for HIPAA violations. A small medical practice paid $100,000 for using an unsecured e-mail system for sending patient information, and for using an online calendar to track patient appointments. A hospital was fined $1.5 million when a doctor’s laptop that contained unencrypted patient records was stolen. A state health department was fined $1.7 million when a hard drive was stolen, and a health plan was fined $1.2 million for leaving patient data on the hard drive of a copier it returned at the end of its lease.
While the HIPAA Security Rule is focused on protecting electronic data, over 50% of the HIPAA regulations are Administrative Safeguards—policies, procedures, and training—with a smaller percentage split between Physical and Technical Safeguards. Key tools in protecting Protected Health Information (PHI) are Security Awareness and Training, focused on making sure your staff properly handles protected information in all forms—spoken, written, and electronic.
Contact a HIPAA Technology Specialist at Ion Networking
The PCI DSS (PCI Data Security Standard) is a set of comprehensive requirements for enhancing payment account data security. These standards include requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
Build and maintain a secure firewall configuration on your network to protect cardholder data.
Protect cardholder data through the use of encrypted transmission of cardholder data across open public networks.
Develop and maintain secure systems and applications such as regularly updated anti-virus software programs.
Implement strong access control measures with restricted digital and physical access to cardholder data by assigning a unique ID to each person with computer access.
Regularly test security systems, track and monitor network resources.
Maintain a policy that addresses information security for your business.
If you think “data backup” is synonymous with “disaster recovery” and aren’t sure what “business continuity” means, you’re not alone. Most of the business owners we talk to make the mistake of not knowing the difference and end up paying the price when data is lost, a network goes down or a disaster prevents them from accessing their physical office and the server inside.
First, data backup simply means a copy of your data is replicated to another device or location. Tape drives, offsite backup and even USB devices provide data backup. Data backup is obviously important. However, the more important consideration is whether or not your backup solution provides easy disaster recovery, or the ability for you to recover all your files, software and functionality quickly, easily and without corruption.
For example, if your server died, you wouldn’t be able to quickly get back to work if you only had file-level backup. In order for you to start working again, your server would need to be replaced, all software re-installed, data re-installed and then the whole system would need to be configured with your settings and preferences. This process could take hours or even days and that’s if you have all your software licenses and a clean copy of your data.
Then there’s business continuity. This is the ability for your business to continue to operate even after a major disaster.
For example, if you ran an accounting firm and your building burned to the ground, you’d be out of business if all your files were on the server only. However, if you had your network in the cloud your employees could continue to work from home or some other location, giving your business continuity.
Of course, you need all three at some level. At a minimum you need to make sure you have in place the right backup and disaster recovery plan for your tolerance for downtime, and a plan for how your business could continue to operate if you could no longer access your building, server or data.
Network security is designed to protect your networks usability, reliability, integrity, and safety of your network and data. Effective network security targets a variety of threats and stops them from entering or spreading on your network. Numerous network security threats today are spread over the Internet.
The most common threats include: Viruses, worms, and Trojan horses Spyware and adware Zero-day attacks, also called zero-hour attacks Hacker attacks Denial of service attacks Data interception and theft Identity theft
How it Works Network security is accomplished through hardware and software. Managing and updating your software frequently can protect you from emerging threats. Consisting of many components that work together, a network security system minimizes maintenance and improves security.
Components often include: Anti-virus and anti-spyware Firewall Identifying fast-spreading threats with (IPS) Intrusion prevention systems, such as zero-day or zero-hour attacks Providing secure remote access with (VPNs) Virtual Private Networks
Benefits Network security helps your company meet mandatory regulatory compliance. Because network security helps protect your customers’ data, it reduces the risk of legal action from data theft.
Ultimately, network security helps protect a business’s reputation, which is one of its most important assets.
Ion Networking can help you create a stable and secure network infrastructure using the appropriate network hardware, software and services necessary to let you run your business efficiently. Your network should be able to handle more traffic, protect your data, and maintain compliance.
Ion Networking can ensure your wired and wireless network connection provides your business with consistent and flexible access to data whether you are at your desk or outside of your building. We can verify your servers communicate properly and give you access to your network through VPN.
Ion Networking can help you determine which hardware and service options best meet your security, bandwidth and budget requirements. Selecting the right hardware to ensure all of your laptops and mobile devices can connect with the greatest possible security is crucial for your business.
Storing and accessing data and programs over the Internet instead of your computer’s hard drive is a growing trend. Some business owners are finding it challenging to find enough storage space to hold all the data they’ve acquired.
Cloud storage benefits:
Greater accessibility and reliability
Strong protection for data backup
Archival and disaster recovery purposes
Lower overall storage costs as a result of not having to purchase, manage and maintain expensive hardware.
Ion Networking can determine if cloud service or local traditional server storage is right for you.