Part of my role as Chief Technology Officer at Applied Tech is to stay current on security and compliance practices required of our customers. On April 26th, I attended the HIPAA COW spring event in Wisconsin Dells, where healthcare, privacy, and technology experts get together to discuss current trends and news in HIPAA-regulated industries. As usual, the event was very informative with some great takeaways. Even if you are not required to follow HIPAA, these takeaways can provide great value to your organization.

Understand your risks:

  • An annual security risk assessment is required under HIPAA. This is a critical first step in understanding what improvements you should focus on first. As part of the assessment process it is critical to perform a risk analysis of the identified risks, and document a plan to either avoid, mitigate, transfer, or accept those risks.
  • Create a plan and manage to it. After your assessment is complete and risk has been assessed, create a plan and manage to it each month. Work on critical issues as much as possible and slip in simple changes if you can. The key is implementing change at a pace the organization can tolerate.
  • Review privileged accounts annually. Privileged accounts are ones that have system administration rights and typically are only available to a small number of people. Ongoing management of and alerting on changes to privileged accounts in your systems is vital to maintaining a secure IT environment.

Avoid fines under HIPAA:

  • Conduct an annual risk analysis. Auditors are looking for a serious approach. As discussed above, an assessment and plan are a great start to improving your security.
  • Encrypt devices and media. Encryption is a great way to safeguard ePHI on mobile media. In case of loss or theft, encrypted devices and media are a major deterrent to loss of data. (It is also very easy to implement this today!)
  • Ensure business associate agreements are in place where applicable.

If you are looking for more information on how to increase your security:

The CSA 405(d) Task Group recently developed a publication called Health Industry Cybersecurity Practices (HICP). Part of this publication, called Technical Volume 1, discusses 10 cybersecurity practices that are focused on smaller health care organizations or business associates that have limited resources for managing cybersecurity practices. This publication is vendor agnostic and can help these smaller organizations implement security improvements that will help mitigate the most likely cybersecurity threats today. If you are looking for a more abbreviated source of information, check out this blog: 8 ways to stay more secure and compliant!

Applied Tech is an expert in HIPAA privacy when it comes to technology and has designed specific Managed Security packages that you can deploy to stay compliant, secure, and fine-free.

More about Kris:

Kris Cears has been with Applied Tech since 2002 and has over 18 years in the IT industry. For many years he provided direct support for customers, along with implementing infrastructure projects. He then served as Director of Technical Services and oversaw the delivery of Managed Services and Infrastructure Professional Services. He has recently started to focus on improving security both internally at Applied Tech and for our customers. He is certified in many technologies such as Microsoft Server, VMware and HP ProCurve Networking.
