The HITECH Act is not being enacted as quickly as the government had hoped. A recent report to Congress claims progress is slow, and holes left in the previous HIPAA Act are not being plugged. This means leaks of Personal Health Information (PHI) are continuing to occur with alarming frequency. The report was made in early November to the subcommittee on privacy, technology and the law.
One big concern is technology providers that host health information but don’t fall within the health IT category, and therefore aren’t regulated. These companies’ end users are able to reveal sensitive health information through internet searches and over social networks.
“As we begin to rely more and more on technology providers to perform our core business functions, we have to understand the associated risks,” said Ryan Keehn, Information Security Officer at Businessolver. “These providers are gaining access to the sensitive data when they take over these functions.” Keehn recommends regularly asking the following questions of your business partners:
- Who has access to my data?
- How is my data being transferred?
- What are you doing with my data after you have it?
Minnesota Senator Al Franken, chair of the subcommittee, said he would consider legislation to augment HITECH by requiring the encryption of health data – extremely rare among health IT companies at this point – and requiring health data security rules to be applied to a broader segment of vendors.
If you already entrust Businessolver with your company’s health information, rest assured those measures are already being taken.
All Personal Identification Information (PII) and Personal Health Information (PHI) is encrypted in transit and at rest. All Businessolver desktops and laptops are encrypted, all file servers are encrypted, and the databases are encrypted using strong 256-bit encryption.
“The encryption at rest is a very important factor,” said Keehn. “Most companies don’t focus on this factor. They are only looking at encrypting their data in transit, and relying on their access controls to keep their data safe when sitting on the hard disk. At Businessolver we still have the access controls, but we are also encrypting the data on the drives so that if someone does walk off with a server, they still won’t be getting our customers’ data.”
Keeping client data secure is priority one, so Businessolver’s security measures in all areas go above and beyond what is required. We work with external auditors to produce several independent audit reports and security assessments periodically. These include an annual Type II SAS 70 report, quarterly Application Vulnerability Assessments, and annual Network Penetration Testing. In addition, our clients are welcome to perform their own audits of our systems to gain that additional level of assurance.
If data security is important to you, contact your Businessolver representative to learn how we protect the data your employees trust to your care.
