HIPAA Blog

[ Monday, May 11, 2009 ]

 

Securing Against the Inside Job: Most of the security focus baked into HIPAA relates to protecting the PHI you send, use and maintain focuses on outside threats. The Virginia prescription drug hacking case is a good recent example. But, where is your biggest threat? It's not so much an outsider; most cases of data loss due to outside actors are laptop and pda thefts, or office break-ins. These are "crackhead" cases, where some criminal is trying to steal saleable assets like computers, not the information that's on those computers. Most likely, the data is scrubbed off at the earliest possible time.

Rather, your biggest threat might be from the insider, who doesn't need to get through your firewall; he/she just needs to log on. You do need task-based rules to prevent your workforce members from accessing what they don't need to access; but if an employee needs access for work purposes, it would be all too easy for them to use that access for illegal or improper purposes.

Jeff [9:33 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template