HIPAA
compliance deals with the set of principles that help healthcare
organizations devise policy and means to protect electronic
healthcare records of patients. It provides federal protection of
individually identifiable health information. Therefore, any and all
organizations that have to deal with personal health information
(PHI), i.e. if they either store, process or transmit such
information, will have to comply with Health Insurance Portability
and Accountability Act and protect all such data. However, HIPAA
doesn’t endorse any particular technology or tool for protecting
PHI. If your organization deals with any such data, you need to
ensure this compliance with due diligence to avoid financial
penalties.
On a general note, these
are the few points that you need to take care to avoid HIPAA failure:
• Formulate a separate stricter security policy for the resources and the infrastructure that deal with PHI
data.
• Monitor all the User activities and try to figure out the loop holes that can lead to unauthorized access.
• Conduct regular risk assessment to find out the vulnerable points in your IT infrastructure.
• At the end-user level, all employees need to be made aware of the HIPAA guidelines and its importance
to prevent security breach on account of lackadaisical approach on their part.
• Employees need to update their latest information in the Active Directory to prevent misuse of their old
contact information.
• Formulate a separate stricter security policy for the resources and the infrastructure that deal with PHI
data.
• Monitor all the User activities and try to figure out the loop holes that can lead to unauthorized access.
• Conduct regular risk assessment to find out the vulnerable points in your IT infrastructure.
• At the end-user level, all employees need to be made aware of the HIPAA guidelines and its importance
to prevent security breach on account of lackadaisical approach on their part.
• Employees need to update their latest information in the Active Directory to prevent misuse of their old
contact information.
If we analyze Windows security in the light of these points, we find that there are some loopholes in the Windows security which can be taken advantage of by malicious Users. As we can see here, the most important point is to ensure security of the data which can be achieved by ensuring security of the Windows network. As per the scope of the article, let’s see how Active Directory self-service tools can be helpful in ensuring HIPAA compliance.
• Active Directory self-service tools allow end users to update their current personal information to get
any alert or update at their current contact address.
• Administrators can devise very strict Account unlock and Password expiry/reset policies to prevent
credential theft and unauthorized access.
• They generate many informative reports such as locked out users, users with expired password, time
since the Users reset their password and many others which help administrators to get the actual status
of the User Account.
• They also provide a centralized notification service to guide end users to strictly adhere to the security
policy devised to ensure HIPAA compliance.
Most of the Active Directory self-service software come with these features that can go a long way in ensuring HIPAA compliance; for example, you can download and try Lepide Active Directory Self Service ( http://www.lepide.com/active-directory-self-service/ ) to meet HIPAA requirements along with other AD self-service features.