[ Monday, May 11, 2009 ]
Securing Against the Inside Job:
Most of the security focus baked into HIPAA relates to protecting the PHI you send, use and maintain focuses on outside threats. The Virginia prescription drug hacking case
is a good recent example. But, where is your biggest threat? It's not so much an outsider; most cases of data loss due to outside actors are laptop and pda thefts, or office break-ins. These are "crackhead" cases, where some criminal is trying to steal saleable assets like computers, not the information that's on those computers. Most likely, the data is scrubbed off at the earliest possible time.
Rather, your biggest threat might be from the insider
, who doesn't need to get through your firewall; he/she just needs to log on. You do need task-based rules to prevent your workforce members from accessing what they don't need to access; but if an employee needs access for work purposes, it would be all too easy for them to use that access for illegal or improper purposes.
Jeff [9:33 AM]
Blogger: HIPAA Blog - Edit your Template