The Health Information Technology for Economic and Clinical Health (HITECH) Act really does ‘up the ante’ for HIPAA enforcement. In theory, health organizations have had to comply with the Health Insurance Portability and Accountability Act (HIPAA) since its introduction in 1996. HIPAA was originally introduced by Congress to protect the health insurance rights of employees made redundant. The problem with HIPAA has been the broad interpretation adopted by many healthcare providers and insurers; in fact, many providers require a waiver of HIPAA rights as a condition of service. This has undoubtedly resulted in a varying degree of adoption among providers, leaving many unsure whether or not they are considered compliant. But how could you blame them? The requirements aren’t specific, and there has been little enforcement to speak of. The HITECH Act, part of the American Recovery and Reinvestment Act, aims to change all that with increased penalties for non-compliance.
A breach that exposes a patient’s confidential data could have serious and lasting consequences. Unlike credit cards, for example, which can be cancelled and reissued if they are exposed, health care records can’t simply be changed or reset. According to data from Forrester Research, criminals are increasingly targeting health care organizations. For security teams within health organizations, HITECH’s increased penalties may well help justify the funding needed to shore up security and compliance projects that might otherwise have languished under the previously ambivalent and poorly defined HIPAA enforcement. There are already lawsuits underway for alleged HIPAA violations due to exposed or breached protected health information (PHI), likely to end with heavy financial compensation payments being ordered.

Like most things in life there is a process to follow, and HIPAA and HITECH are no different. The safeguards fall into three groups:

Administrative Safeguards – written evidence of the measures adopted to ensure compliance, in particular internal auditing of change management processes, approvals and documentation, to provide evidence that systems and processes are properly governed.

Physical Safeguards – including access controls that restrict and control access to equipment containing PHI.

Technical Safeguards – configuration ‘hardening’, to ensure that known threats and vulnerabilities are eliminated from all systems, with a rigorous patch management process combined with anti-virus technology, regularly tested and verified as secure. Strong monitoring for security incidents and events, with all event logs securely retained, is also a key measure for safeguarding IT system security.

Since the same technology that helps deliver HIPAA compliance should be relevant for PCI DSS, it makes sense to consider measures for HIPAA compliance in the context of PCI DSS as well. Or, to put it another way, compliance with one will significantly assist compliance with the other.

What do you need to do as an IT service provider to your organization?

Compliance Auditing (AKA Device Hardening) – typically, ‘out of the box’ as well as ‘made to order’ reports let you quickly test critical security settings for servers and desktops, network devices and firewalls. The best solutions will provide details on your administrative procedures, technical data security services, and technical security mechanisms. Generally, these reports will identify some security gaps to begin with. Once those are repaired, you can generate the reports again to prove to auditors that your servers are compliant, and built-in change tracking helps ensure the systems remain compliant.

Change Tracking – once your firewalls, servers, workstations, switches, routers etc. are all in a compliant state, you need to ensure they remain so. The only way to do this is to routinely verify that the configuration settings have not changed, because unplanned, undocumented changes will always be made while somebody has the admin rights to make them! Device ‘hardening’ must be enforced and audited.

Event Log Management – all event logs from all devices must be analyzed, filtered, correlated and escalated appropriately. Event log messages must be stored in a secure, integrity-assured repository for the retention period required by the applicable governance policy.

Correlation of Security Information and Audit Logs – in addition, you should implement log gathering from all devices, with correlation capabilities for security event signature identification and powerful ‘mining’ and analysis capabilities.
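As an added illustration of the change tracking and integrity-assured log storage described above (example code written for this article, not from any product the page mentions), the Python below hashes each configuration file against an approved baseline, reports any drift, and records the findings in a hash-chained log so that editing or deleting an entry after the fact is detectable. The file paths and their contents are constructed samples, not real system files.

```python
import hashlib
import json
from typing import Dict, List, Tuple

# Constructed sample: the approved configuration state captured at audit time.
# Keys are hypothetical config paths; values are the file contents.
BASELINE_CONFIGS: Dict[str, str] = {
    "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\nMaxAuthTries 3\n",
    "/etc/audit/auditd.conf": "max_log_file_action = keep_logs\nspace_left_action = email\n",
}

# Constructed sample: the same files re-read at the next scheduled check.
# PermitRootLogin has been flipped to yes, i.e. an unplanned, undocumented change.
CURRENT_CONFIGS: Dict[str, str] = {
    "/etc/ssh/sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\nMaxAuthTries 3\n",
    "/etc/audit/auditd.conf": "max_log_file_action = keep_logs\nspace_left_action = email\n",
}


def sha256(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def build_baseline(configs: Dict[str, str]) -> Dict[str, str]:
    """Record a SHA-256 digest per configuration file at the time it was approved."""
    return {path: sha256(content) for path, content in configs.items()}


def detect_drift(baseline: Dict[str, str], current: Dict[str, str]) -> List[Tuple[str, str]]:
    """Compare the current digests with the baseline.

    Returns (path, reason) for every file that is modified, missing, or not in the baseline.
    """
    findings: List[Tuple[str, str]] = []
    for path, approved_digest in baseline.items():
        if path not in current:
            findings.append((path, "missing"))
        elif sha256(current[path]) != approved_digest:
            findings.append((path, "modified"))
    for path in current:
        if path not in baseline:
            findings.append((path, "unexpected file"))
    return findings


class ChainedLog:
    """Append-only event store in which each record carries the hash of its predecessor.

    Editing or deleting any earlier record breaks every hash that follows it, which is
    what makes the repository integrity-assured rather than merely write-protected.
    """

    GENESIS = "0" * 64  # hash value used as the predecessor of the first record

    def __init__(self) -> None:
        self.records: List[dict] = []

    def append(self, event: dict) -> str:
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        body = json.dumps(event, sort_keys=True)  # canonical form so the hash is stable
        record = {"prev": prev, "event": body, "hash": sha256(prev + body)}
        self.records.append(record)
        return record["hash"]

    def verify(self) -> Tuple[bool, int]:
        """Recompute the whole chain. Returns (ok, index of the first bad record or -1)."""
        prev = self.GENESIS
        for index, record in enumerate(self.records):
            if record["prev"] != prev or sha256(prev + record["event"]) != record["hash"]:
                return False, index
            prev = record["hash"]
        return True, -1


def scheduled_check(baseline_configs: Dict[str, str], current_configs: Dict[str, str]) -> ChainedLog:
    """One run of the routine verification: detect drift and log every finding."""
    log = ChainedLog()
    for path, reason in detect_drift(build_baseline(baseline_configs), current_configs):
        log.append({"type": "config_drift", "path": path, "reason": reason})
    return log


if __name__ == "__main__":
    audit_log = scheduled_check(BASELINE_CONFIGS, CURRENT_CONFIGS)
    for record in audit_log.records:
        print(record["event"])
    print("log chain intact:", audit_log.verify())
```

In a real deployment the baseline digests and the chained log would live on a separate, access-restricted host so that the same administrator who can change a server cannot also rewrite the evidence of having done so; the drift finding, not the configuration file itself, is what gets escalated to the change management process for approval or rollback.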