With HHS’ Office of Civil Rights dramatically stepping up HIPAA enforcement, it’s more important than ever to make sure you have the right people, processes and technology in place. Done right, Data Loss Prevention (DLP) is a proven technology for effective HIPAA compliance. Here are 4 ways DLP addresses specific statute requirements.
| | HIPAA Statute | HOW DLP HELPS |
|---|---|---|
| 1 | Statute 164-306, Security standards: Requires a Covered Entity to ensure the confidentiality, integrity, and availability of all electronic protected health information the Covered Entity creates, receives, maintains, or transmits. | An appropriate Data Loss Prevention solution will help with the confidentiality portion of this safeguard in ways such as: |
| 2 | Statute 164-308, Administrative safeguards, section A, Risk Analysis: Requires a Covered Entity to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information held by the Covered Entity. | An appropriate Data Loss Prevention solution will provide a mechanism to continuously assess potential confidentiality risks to PHI held by a Covered Entity by providing the following capabilities: |
| 3 | Statute 164.312, Technical Safeguards: Requires a Covered Entity, in accordance with §164.306, to implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4). | A Data Loss Prevention solution addresses this safeguard by providing mechanisms to: |
| 4 | Statute 164-312 (e)(1), Technical safeguards, Transmission Security: Requires a Covered Entity to implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. | An appropriate DLP addresses this safeguard with a comprehensive mechanism, called Network DLP, to detect unencrypted PHI leaving an organization's network destined for the internet. This capability has specific mechanisms: |
Why Data Loss Prevention for Healthcare Systems
DLP Can Provide A Simple Compliance Framework To Prevent The Loss Of PHI
Data Loss Prevention is a powerful tool to ensure compliance with regulations such as the HIPAA Security Rule, Joint Commission, and state privacy regulations. It can help you analyze the risks to PHI, educate employees on security policies in real time and assess areas for improvement. According to a recent 451 Research survey of IT professionals, DLP is one of their top priorities in 2015-2016.
Analyze Potential Risks To Electronic PHI
Protection starts with understanding your risks. The best DLP tools provide a number of mechanisms to analyze risks to PHI per the HIPAA Security Rule and limit PHI access to the “Minimum Necessary”.
Educate Care Providers On Security Policies — In Real Time
Employees are your biggest risk. Data Loss Prevention tools prevent user actions that put your organization at risk and educate users in real time on the appropriate handling of PHI.
Periodically Assess Security Policies
You can’t improve what you don’t measure. Data Loss Prevention tools provide a mechanism to continuously assess security policies and procedures.