
Community Blog

Nov 10 2011   10:50AM GMT

The four essentials of a secure health IT infrastructure

Posted by: Jenny Laurello
Business associates, data privacy and security, Data storage, HIPAA, Infrastructure, Patient data, Technology infrastructure

Guest post by: Ruby Raley, Director, Healthcare Solutions, Axway

How do you know that you’ve done all you can to protect your organization’s information and your patients’ information?

I can think of four essential issues of IT infrastructure — hard, fast, universal must-haves — that need to be addressed before you can rest assured you’ve done your best.

1. Authentication

Breaches often involve unauthorized access: someone finds records on the Internet without logging in, and the owners of the records can’t guarantee that only individuals with both the right to know and the need to know have accessed the data. With the proper authentication and security measures in place, access to protected health records is limited to those who are both authorized to know and who need to know.

2. Secure email

All email messages exiting the organization must be properly protected; a policy-driven email strategy ensures this. Policies create added benefits, too, like filtering out junk mail, which ultimately both secures and optimizes your processes.

3. Secured data storage and transport

The TriCare breach, in which backup tapes were stolen from the car of an SAIC employee and the EHRs of 4.9 million patients were compromised, is a perfect example of why this issue is so important. When your organization’s data is backed up, on tapes or otherwise, and transported, ask yourself: “Will it be possible for unauthorized people to access the data should it be stolen?”

4. Clear business-associate agreements

Business-associate agreements — contracts you and your business associates sign before any transactions begin — ensure that you’re working with professionals who understand your business. When we work with others, we may forget that they know far less about our business than we do. We must ensure that they have the right training, processes and procedures in place, and that they adhere to the same levels of security.

As you consider and act on these four issues, you will begin to close the loopholes that put company and patient data at risk. You’ll be confident that you have properly authenticated everyone, have the right security in place, are safely exchanging data with others via email and, lastly, have the proper agreements and the right people handling sensitive data.

For more information, please visit
