http://healthitsecurity.com/2013/09/04/ehr-and-mobile-device-auditing-security-requires-vigilance/
By Dom Nicastro
Health IT Security
September 4, 2013
If you need a few reasons to adapt to the latest security advancements, just
look at the calendar for September and circle the “23”. That’s compliance day
for the HIPAA Omnibus Rule, which modifies the privacy, security and
enforcement rules. There are 659 more reasons – one for every large
patient-information breach – on the Office for Civil Rights (OCR) Breach
Notification Tool as of late August.
Security today, naturally, goes beyond the traditional “shred the paper”
techniques and two of the biggest issues are related to EHRs and mobile
devices. HealthITSecurity.com caught up with a security officer whose
organization is paying close attention to those two aspects of the securing
protected health information (PHI) game. Nancy Davis, MS, RHIA, CHPS, system
director of privacy and security for Ministry Health Care in Milwaukee, offered
some details about some of the latest advancements her organization has made
and how it ensures security.
EHR access auditing
While the jury is still out on a final rule on accounting of disclosures and
proposed EHR access reports, looking into auditing in EHRs is a must for
organizations, Davis said. “Face it by now most organizations have the EHRs but
are lagging in the auditing area either due to the constraints of the EHR
application and/or the need to finance external auditing applications,” Davis
maintained.
Ministry Health Care handles EHR access auditing through a combination of
internal and external auditing applications. What’s a good first step if an
organization is implementing this type of auditing? Have some type of tool –
you have to have this.
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
