In 2012 and 2013, unprecedented penalties are being assessed for HIPAA violations. A small medical practice paid $100,000 for using an unsecured e-mail system for sending patient information, and for using an online calendar to track patient appointments. A hospital was fined $1.5 million when a doctor’s laptop that contained unencrypted patient records was stolen. A state health department was fined $1.7 million when a hard drive was stolen, and a health plan was fined $1.2 million for leaving patient data on the hard drive of a copier it returned at the end of its lease.
While the HIPAA Security Rule is focused on protecting electronic data, over 50% of the HIPAA regulations are Administrative Safeguards—policies, procedures, and training—with a smaller percentage split between Physical and Technical Safeguards. Key tools in protecting Protected Health Information (PHI) are Security Awareness and Training, focused on making sure your staff properly handles protected information in all forms—spoken, written, and electronic.
Contact a HIPAA Technology Specialist at Ion Networking
- Build and maintain a secure firewall configuration on your network to protect cardholder data.
- Protect cardholder data through the use of encrypted transmission of cardholder data across open public networks.
- Develop and maintain secure systems and applications such as regularly updated anti-virus software programs.
- Implement strong access control measures with restricted digital and physical access to cardholder data by assigning a unique ID to each person with computer access.
- Regularly test security systems, track and monitor network resources.
- Maintain a policy that addresses information security for your business.
First, data backup simply means a copy of your data is replicated to another device or location. Tape drives, offsite backup and even USB devices provide data backup. Data backup is obviously important. However, the more important consideration is whether or not your backup solution provides easy disaster recovery, or the ability for you to recover all your files, software and functionality quickly, easily and without corruption.
For example, if your server died, you wouldn’t be able to quickly get back to work if you only had file-level backup. In order for you to start working again, your server would need to be replaced, all software re-installed, data re-installed and then the whole system would need to be configured with your settings and preferences. This process could take hours or even days and that’s if you have all your software licenses and a clean copy of your data.
Then there’s business continuity. This is the ability for your business to continue to operate even after a major disaster.
For example, if you ran an accounting firm and your building burned to the ground, you’d be out of business if all your files were on the server only. However, if you had your network in the cloud your employees could continue to work from home or some other location, giving your business continuity.
Of course, you need all three at some level. At a minimum you need to make sure you have in place the right backup and disaster recovery plan for your tolerance for downtime, and a plan for how your business could continue to operate if you could no longer access your building, server or data.
You should review your plan annually.
The most common threats include:
- Viruses, worms, and Trojan horses
- Spyware and adware
- Zero-day attacks, also called zero-hour attacks
- Hacker attacks
- Denial of service attacks
- Data interception and theft
- Identity theft
How it Works
Network security is accomplished through hardware and software. Managing and updating your software frequently can protect you from emerging threats. Consisting of many components that work together, a network security system minimizes maintenance and improves security.
Components often include:
- Anti-virus and anti-spyware
- Identifying fast-spreading threats with (IPS) Intrusion prevention systems, such as zero-day or zero-hour attacks
- Providing secure remote access with (VPNs) Virtual Private Networks
Network security helps your company meet mandatory regulatory compliance. Because network security helps protect your customers’ data, it reduces the risk of legal action from data theft.
Ultimately, network security helps protect a business’s reputation, which is one of its most important assets.
Ion Networking can ensure your wired and wireless network connection provides your business with consistent and flexible access to data whether you are at your desk or outside of your building. We can verify your servers communicate properly and give you access to your network through VPN.
Ion Networking can help you determine which hardware and service options best meet your security, bandwidth and budget requirements. Selecting the right hardware to ensure all of your laptops and mobile devices can connect with the greatest possible security is crucial for your business.
Cloud storage benefits:
Greater accessibility and reliability
Strong protection for data backup
Archival and disaster recovery purposes
Lower overall storage costs as a result of not having to purchase, manage and maintain expensive hardware.
Ion Networking can determine if cloud service or local traditional server storage is right for you.