Physical Security Systems in the Healthcare Industry and Compliance with HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the United States advocates for health insurance coverage for all workers and their families, and it requires national standards for electronic healthcare transactions.

Healthcare executives know the importance of secure EMR solutions. But HIPAA works to make sure that they do not break privacy laws in their efforts to keep their companies safe.

The law sets privacy regulations that cover an individual’s health status, payment for health care, and the provision of health care. The State of California also has some additional laws concerning health care.

Some other countries have also set laws regarding health privacy, among them Uruguay, Argentina and others in Europe, Australia, and Central Asia.

Role of physical security in safeguarding data

Physical security systems play a significant role in keeping patient information safe and private, as many laws require. For example, AMAG has introduced new methods within its Symmetry group of products that allow healthcare facilities to demonstrate their compliance with HIPAA. The major area AMAG focuses on is compliance reporting.

AMAG’s Symmetry access control system and Symmetry Complete View Video Management, installed by hospitals and healthcare facilities, help manage and control access to certain areas and to medical records, and support HIPAA compliance throughout their buildings and campuses.

Need for a versatile form of authentication

Health data is as critical as financial data in the online banking industry. This kind of information requires a layered approach that applies the appropriate risk management levels.

Patients can benefit from the same authentication system both outside and inside the hospitals even though they don’t access their healthcare information as frequently as online bankers do.

Hospitals and healthcare facilities need an authentication policy with real-time threat detection capabilities to successfully implement the critical five layers of security, including user authentication, transaction authentication with pattern-based intelligence, device authentication, and application security.

Access to patients’ medical records and other controlled materials can be managed using access control systems. Biometric readers can be used in medical facilities to grant access to authorized individuals and to develop an audit trail for review and reporting.

Ensuring privacy with video surveillance

HIPAA also has an impact on the use of video monitoring systems in the United States, as do other privacy laws around the world. According to HIPAA’s regulations, patients’ privacy must be protected when a physical security system is installed.

HIPAA requires patients’ personally identifiable information (PII) to be protected. Any information that can be used to uniquely identify, contact or locate a person, or that can be combined with other sources to uniquely identify an individual, is considered PII.

Video cameras in hospitals and healthcare facilities must be placed in such a way that they don’t violate HIPAA laws.

SharePoint Extranet Security, Authentication, And More

Most SharePoint solutions, including those provided by SharePoint consulting firms, are developed to provide an intranet. This, in turn, makes internal networks a safer place to provide the integration capabilities and collaboration that organizations want for their businesses and employees, among others.

However, there are two other use cases for SharePoint that people do not pay attention to: extranets, also known as portals, which offer the same SharePoint capabilities so that employees can work with customers; and public websites, which let your website use SharePoint content management capabilities for easy and quick changes.

Intranets are not accessible to the outside world, but they can be made accessible upon request. Extranets, however, are required to be available to the outside world, and more often than not this raises some security questions.

Active Directory domain controllers

It is a given that your SharePoint farm will need Active Directory; the issue is how to communicate with it. Active Directory uses random ports, and you have to alter its configuration to make it use specific ports. Using random ports has some security benefits, but it affects how the firewall has to be configured.

Application Security / SharePoint platform security

Software vulnerabilities arise in different ways. For some time, many developers did not keep track of where data started and ended, and this created an opening for attackers to place malicious data in a location of their choosing and then execute it.

This was the main class of vulnerability, and it was known as buffer overflow. When Microsoft recognized this issue, it addressed the problem by creating managed code, which handles data carefully so that the developer does not need to track where the data begins and ends.

Currently, SQL injection is one of the common vulnerabilities. This is where developers trust users to enter safe data, but users enter data that gets executed by the SQL database engine. The issue is quite prevalent, although Microsoft has provided methods to avoid such scenarios.

SharePoint code follows best practices, and it controls many platforms, which strengthens its security and makes the SharePoint application code rock solid.
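The difference between trusting input and binding it as a value is shown below in an added example that is not from the original article. Python with an in-memory SQLite database stands in for .NET and SQL Server, and the table, rows, input strings and function names are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table holding constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO documents (owner, title) VALUES (?, ?)",
        [("alice", "Q3 budget"), ("alice", "Hiring plan"),
         ("bob", "Vendor contract"), ("o'brien", "Visitor log")],
    )
    return db

def find_docs_concatenated(db, owner):
    """Pattern the text warns about: the input becomes part of the SQL text."""
    query = "SELECT title FROM documents WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(query)]

def find_docs_parameterized(db, owner):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    query = "SELECT title FROM documents WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (owner,))]

def compare(db, owner):
    """Run both forms on one input; report the error class name instead of raising."""
    try:
        unsafe = find_docs_concatenated(db, owner)
    except sqlite3.Error as exc:
        unsafe = type(exc).__name__
    return unsafe, find_docs_parameterized(db, owner)

# Constructed input whose quote characters change the meaning of the
# concatenated query, so the WHERE clause matches every row.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for owner in ("alice", CRAFTED, "o'brien"):
        unsafe, safe = compare(db, owner)
        print(f"{owner!r}: concatenated={unsafe} parameterized={safe}")
```

The same concatenated query that leaks every row for the crafted input also breaks on a legitimate name containing an apostrophe, which is a useful signal when reviewing code or error logs for this pattern.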


Internally, SharePoint communicates with its servers and service applications using claims. The moment you try to get search results, you become a claim. In its default configuration, SharePoint uses claims-based authentication together with integrated Windows authentication to convert your Windows authentication into a claim.

Externally, users can configure a trusted identity provider to authenticate to SharePoint using the Security Assertion Markup Language (SAML) protocol. In this case, the provider gives SharePoint a claim, so the built-in security token service is not used.