HIPAA - the Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act – better known as HIPAA - is a Federal Act that provides a standard for exchanging healthcare information between healthcare providers and suppliers. The HIPAA Final Security Rule addresses the privacy and security of the “electronic protected health information” (EPHI). One of the key requirements of this rule is a risk analysis. The Security Rule requires healthcare providers and suppliers to "conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity."
Healthcare providers and suppliers, according to the Security Rule, should identify the vulnerabilities of their EPHI and related information systems. As defined in a HIPAA Advisory article, a “vulnerability” is a flaw or weakness in system security procedures, design, implementation, or internal controls that can be exploited by a threat and result in misuse or abuse of EPHI. Healthcare providers and suppliers can identify system vulnerabilities by performing security assessments. The big problem is translating between OS/400 or i5/OS security settings and the HIPAA Security Rule.
With SkyView Partners' Risk Assessor for OS/400 and i5/OS product , you can have an annual HIPAA security assessment without having to be a security expert yourself. Or, if you'd like some additional guidance or simply don't have the time to read through the Risk Assessor reports, you can sign up for a SkyView Partners Security Check-up. In either case, your i5/OS security configuration will be examined for a wide array of security vulnerabilities and a gap analysis will be provided.
Click here to request more information on a SkyView Security Check-up or the Risk Assessor product.
For more information on the HIPAA requirements a risk analysis, click here.
For a high level overview of the Security Rule, click here.
