Though global ransomware attacks are on the decline, healthcare organizations continue to be disproportionately targeted by hackers. HIPAA-compliant data storage is important to mitigate risks. It involves implementing both physical and digital safeguards designed to protect sensitive health information from a growing number of threats.
Author: Albert A. Ahdoot, Director of Business Development, Colocation America.
Experts believe that the healthcare industry now experiences the most ransomware attacks of any sector, with 85 percent of all malware attacks in 2017 occurring in the healthcare space. What’s more, malware attacks on hospitals, clinics, and other healthcare-oriented organizations have far greater implications than attacks on organizations operating in other industries.
While hackers value any piece of personally identifiable information they can get their hands on – in a typical attack, they can gain access to home addresses, social security numbers, dates of birth, and so on – medical records also include highly sensitive information related to patients’ addiction histories, infectious disease statuses, and even domestic violence incidents. While these attacks can occasionally impede the day-to-day operations of hospitals, clinics, and physicians’ offices, they almost always expose the target organization to costly violations of the Health Insurance Portability and Accountability Act (HIPAA) – even when no material damage is done.
Be that as it may, healthcare IT teams often dedicate the bulk of their attention to securing Internet-connected medical devices and onsite computers, relegating HIPAA-compliant data storage to the back burner. For the benefit of patients and healthcare practitioners alike, it’s time to give proper healthcare data management the attention it’s due. To that end, what follows is a guide to everything healthcare organizations need to know about HIPAA-compliant data storage in 2019.
– read more below the image –
HIPAA Requirements for Data Storage
HIPAA’s guidelines for proper data storage cover both the digital and physical precautions healthcare organizations must take to keep patient data safe and secure. There are many technical requirements data centers must meet to remain compliant with HIPAA hosting standards, including (but not limited to):
- SSL Certificates and HTTPS – Install secure sockets layer (SSL) certificates for any domains and subdomains on which sensitive information could be accessed. Any part of a site that asks for a user login should have an SSL, period.
- AES Encryption – Use an Advanced Encryption Standard (AES) to encrypt sensitive data stored on servers. HIPAA requires healthcare organizations to encrypt and decrypt electronic private health information “whenever deemed appropriate.”
- VPN – Use a strong, encrypted Virtual Private Network (VPN) to protect patient data. Include remote VPN access to allow those with proper credentials to log in to the protected network from a remote device.
- Dedicated Private Firewall – Use a combination of hardware firewalls and software firewalls, as well as a firewall designed for web applications.
- Disaster Recovery Plan – Craft a disaster recovery plan in case a server malfunction or other unforeseen event causes the loss of health information.
- Offsite Backup – In addition to having a disaster recovery plan, healthcare organizations must store private health information in an external location.
- Multi-factor Authentication – Compared to some of the other requirements on the list, multi-factor authentication is relatively easy to implement. As its name suggests, it is a security check that uses two forms of verification to confirm a user’s identity, and it should be installed on all relevant parts of a site.
- Dedicated IP Address – Data must be stored on a private IP address that is isolated from the public internet.
As for physical storage, HIPAA requires healthcare organizations to keep data on redundant, isolated, and secure database and web servers. These servers must have access to a high-speed connection and hardware that can run a variety of software and communications applications for multiple device types. Other physical safeguards a healthcare organization’s data center should feature include: Limited facility access and controls for authorized or restricted access.
Meeting Compliance Standards
Many assume that HIPAA violations always stem from online activity, but keeping servers physically safe is an equally important factor in protecting patients’ sensitive – and legally protected – data.
Adhering to these requirements can be quite overwhelming, which is why healthcare IT professionals often choose to offload the most complicated aspects of HIPAA compliance to a colocation provider. By partnering with a facility that has passed a rigorous HIPAA audit, healthcare organizations can rest easy knowing their offsite copies of patient data are safe and meet compliance standards.
About Colocation America and Albert A. Ahdoot
With 22 data centers in 8 major locations, colocation hosting provider Colocation America is a company delivering its services throughout the US since 2000.
As Director of Business Development at Colocation America, Albert A. Ahdoot leads the company’s sales efforts by intelligence, gathering, drafting, and enforcing sales policies and processes, as well as implementing and evaluating new business strategies. With over 10 years of experience in consulting and business management in the technical industry, Mr. Ahdoot helps driving scalability and efficiency throughout Colocation America.
Interested in sharing your Expert Blog with our visitors on HostingJournalist.com?
Contact us at [email protected].