Now that we have mentioned the first two components of a cyber security policy (administrative and physical) in the previous blogs, it is time to address the third, and arguably the most crucial, component of a cyber security policy for an LTPAC facility – the technical components.
Technical safeguards, as defined by HIPAA, are intended to create policies and procedures to govern who has access to electronic protected health information. Whereas physical safeguards address access to hardware components, administrative and technical safeguards work together to ensure that only authorized users have access to protected health information.
The technical components of a cyber security policy include:
Identification and Authentication: This refers to the ability to validate or authorize an employee or registered device access to a system. For example, a nurse should have a strong password to access a registered mobile device and connect it to a secure Wi-Fi signal. If your facility has a public Wi-Fi system for patients and their families to use, then it must be separate from the system that your employees use to access patient records and data.
Antivirus software: Antivirus software is crucial in preventing malicious software from entering your system. Oftentimes, users may not even know that they are downloading an infected file or message as viruses have a way of attaching themselves to innocuous messages or files. Much like a virus within the human body, a software virus will replicate until it has significantly slowed down or disabled the host software and hardware.
Security Patch Management: Security patch management is the process of regularly “updating software to reduce the risk of compromise to applications, systems, and computers as a result of system flaws, thus it is more of a reactive response to a discovered vulnerability,” according to the Department of Health and Human Services. In its simplest terms, a patch is a piece of code that fixes an identified vulnerability or bug within the existing software.
Firewalls: Firewalls prevent unwanted network intrusions and external cyber attacks by providing a layer of protection that regulates traffic entering and exiting a network using four different mechanisms – packet filtering, circuit-level gateway, proxy server, and application gateway.
Encryption: Encryption safeguards against accesses by anyone other than approved users and devices by maintaining the integrity of the connection and files within the system and protecting sensitive data as it is transmitted throughout the system.
Most importantly, you should understand that technical safeguards are just that- very technical. While installing or running an update on Microsoft Word might be easy to the average person, you should always rely on trained professionals to set up your network as well as install antivirus software, firewalls, and patches on complicated medical software that transmits data via your network. This will ensure that the job is completed thoroughly and accurately.
For further information regarding specific HIPAA standards for technical security standards and the security management process, click here. Most importantly, it is critical that your IT department stays abreast of monitoring your system and implementing the latest updates and security patches. The Department of Health and Human Services notes that, “As much as the cyber dimension connects multiple types of infrastructure, it is a constantly evolving network with ever-changing threats and vulnerabilities to discover evaluate and manage. Thus, securing cyber space is quite a challenge. Threats are becoming even more sophisticated while security technology strives to keep the same pace.
The next blog will outline how to develop a contingency plan in the event of a cyber breach or attack. Additionally, the blogs will provide resources for LTPAC managers and professionals.
Next (and last) blog in the series of Cyber Security Policy for Your LTPAC Facility:
- Developing a contingency plan in the event of a cyber breach or attack