Part of my role as  Chief Technology Officer at Applied Tech, is to stay current on security and compliance practices required of our customers. On April 26th, I attended the HIPAA COW spring event in Wisconsin Dells where healthcare, privacy, and technology experts get together to discuss current trends and news in HIPAA regulated industries. As usual, the event was very informative with some great takeaways.   Even if you are not required to follow HIPAA, these takeaways can provide great value to your organization.

Understand your risks:

  • An annual security risk assessment is required under HIPAA. This is a critical first step in understanding what improvements you should focus on first. As part of the assessment process it is critical to perform a risk analysis of the identified risks, and document a plan to either avoid, mitigate, transfer, or accept those risks.
  • Create a plan and manage to it. After your assessment is complete and risk has been assessed, create a plan and manage to it each month.  Work on critical issues as much as possible and slip in simple changes if you can.  The key is implementing change at a pace the organization can tolerate.
  • Review privileged accounts annually. Privileged accounts are ones that have system administration rights and typically are only available to a small number of people. Ongoing management of and alerting on changes to privileged accounts in your systems is vital to maintaining a secure IT environment.

Avoid fines under HIPAA:

  • Conduct an annual risk analysis. Auditors are looking for a serious approach.  As talked about above, an assessment and plan is a great start to improving your security.
  • Encrypt devices and media. Encryption is a great way to safeguard ePHI on mobile media.  In case of loss or theft, encrypted devices and media is a major deterrent for loss of data. (It is also very easy to implement this today!)
  • Ensure business associate agreements are in place where applicable.

If you are looking for more information on how to increase your security:

The CSA 405(d) Task Group recently developed a publication called Health Industry Cybersecurity Practices (HICP). Part of this publication, called Technical Volume 1, discussed 10 cybersecurity practices that are focused on smaller health care organizations or business associates that have limited resources for managing cybersecurity practices. This publication is vendor agnostic and can help these smaller organizations implement security improvements that will help mitigate the most likely cybersecurity threats today. If you are looking for a more abbreviated source of information check out this blog: 8 ways to stay more secure and compliant!

Applied Tech is an expert in HIPAA privacy when it comes to technology and has designed specific Managed Security packages that you can deploy to stay compliant, secure and fine free.

More about Kris:

Kris Cears has been with Applied Tech since 2002 and has over 18 years in the IT industry. For many years he provided direct support for customers, along with implementing infrastructure projects. He then served as Director of Technical services and oversaw the delivery of Managed Services and Infrastructure Professional Services. He has recently started to focus on improving security both internally at Applied Tech and for our customers. He is certified in many technologies such as Microsoft Server, VMware and HP ProCurve Networking.

Learn how Applied Tech Managed Security can help you stay compliant

The Resource Hub

Get Complete Managed Services Insights

Visit our Resource Center for up-to-date news and stories for technology and business leaders.

8 Critical Priorities Your IT Needs to Nail 

8 Critical Priorities Your IT Needs to Nail 

If you’re a business owner or leader, you know how important it is to have a reliable and effective IT partner that can help you achieve your goals, keep your workforce productive while maintaining a safe and secure network environment.  But how do you know if your IT partner is really delivering on their promises and meeting your expectations? How do you measure their performance and value? ...

Applied Tech Recognized on the CRN MSP 500 List for 2023

Applied Tech Recognized on the CRN MSP 500 List for 2023

March, 2023 – Applied Tech has been named to CRN’s Managed Service Provider (MSP) 500 list for 2023 in the Pioneer 250 category. This annual list recognizes North American companies with innovative approaches to managed services that support customers with the ongoing complexities of IT solutions while optimizing operational efficiencies and systems to maximize return on investment. The Pioneer...

Wisconsin State Journal Names Applied Tech a Winner of Madison’s Top Workplaces 2023

Wisconsin State Journal Names Applied Tech a Winner of Madison’s Top Workplaces 2023

Madison, Wisconsin, March 26, 2023 - Applied Tech has been awarded a Top Workplaces 2023 honor by Wisconsin State Journal Top Workplaces for the second year in a row. The list is based solely on employee feedback gathered through a third-party survey administered by employee engagement technology partner Energage LLC. The confidential survey uniquely measures 15 culture drivers that are critical...

Applied Tech and Platte River Networks Partnership Creates “Strategic IT Powerhouse” for Small and Midsize Businesses

Applied Tech and Platte River Networks Partnership Creates “Strategic IT Powerhouse” for Small and Midsize Businesses

Blockbuster merger expands team and expertise, bringing more knowledge, services, and technical specialization to local growth-minded businesses nation-wide MADISON, Wis. & DENVER--(BUSINESS WIRE)--Two of the IT channel’s top-performing, celebrated managed service providers (MSPs) – Applied Tech and Platte River Networks have partnered to become an MSP superpower serving businesses...

Three IT Service Techs Working

Move Forward with IT Services for Business

Use managed services for small and mid-sized businesses that help you reach your goals.

Work With Us