Manage

HIPAA violation examples: The five most common mistakes

By

Kristen Lee, News Writer

4/6

Healthcare data security: Lack of transmission security, encryption

Source: yogysic/iStock

Visual Editor: Sarah Evans

When it comes to healthcare data security, OCR said that the three main areas of error are the lack of encryption, lack of transmission security and the use of unpatched or unsupported software.

OCR said that all HIPAA-covered entities must either implement encryption or document why encryption is not reasonable and appropriate in a particular circumstance. From there, the entity must implement reasonable compensating healthcare data security controls.

Encrypting data in transit is also a requirement, OCR said. This is important, for example, in relation to mobile in healthcare.

And finally, healthcare organizations' use of unpatched or unsupported software creates a healthcare data security risk on systems that access ePHI. However, with patch management technologies, it is possible to automatically update and patch software.

View All Photo Stories

SearchCompliance

Use ISO 22332 to improve business continuity plans
Standards offer guidance on business continuity and disaster recovery plans. ISO 22332 is no exception, providing great detail on...
An adequacy audit checklist to assess project performance
Adequacy audits are conducted to assess the efficacy of IT system controls and identify areas for performance or other ...
How to successfully automate GRC systems in 7 steps
There is more to automating GRC programs than technology alone. This implementation roadmap helps IT leaders effectively plan, ...

SearchCIO

FTC's change to policy could make for healthier mergers
Cornell's Robert Hockett said the FTC's recent decision to rescind a 1995 policy could help prevent bad mergers, as scrutiny of ...
Chinese regulatory crackdown is about control, not data privacy
Despite China's messaging, analysts believe the government's recent regulatory tightening on tech companies is more about control...
Regulators need to rethink big tech regulation, expert says
A Boston University professor argues that big tech regulation may need to focus more on creating competition through data access ...

SearchCloudComputing

Key aspects of RPA in the cloud
As more enterprises prioritize automation, RPA seeks to build upon that growth within the cloud sector. Learn why vendors see the...
Dive into DigitalOcean Droplets and App Platform
DigitalOcean vies with AWS, Azure and others by targeting developers and startups. See what it has to offer and how it competes ...
4 best practices for big data security in cloud computing
When dealing with vast amounts of data in the cloud, enterprises need to be proactive with security. Don't wait for a threat to ...

SearchMobileComputing

Tech buyers warned Windows PC prices rising soon
Gartner and IDC expect price hikes for Windows PCs to come soon because of the global chip crisis. An IDC analyst said prices ...
Evaluating Apple Configurator and its alternatives
IT's first step to deploy mobile devices is to configure them, so organizations will have to decide if Apple Configurator is ...
Amazon updates aim for Alexa everywhere
Amazon's latest Alexa advancements include better support for natural language, interoperability with more devices and support ...

SearchSecurity

Keycloak tutorial: How to secure different application types
IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about ...
Secure applications with Keycloak authentication tool
As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure ...
Kaspersky tracks Windows zero days to 'Moses' exploit author
In its second-quarter threat report, Kaspersky Lab found a rise in the use of exploits and zero-day vulnerabilities, several of ...

SearchStorage

How the Container Storage Interface can aid Kubernetes use
Compared to in-tree plugins, the Container Storage Interface simplifies Kubernetes integration with storage devices, but thorough...
NVMe speeds vs. SATA and SAS: Which is fastest?
The NVMe protocol is tailor-made to make SSDs fast. Get up to speed on NVMe performance and how it compares to the SATA and SAS ...
Distributed storage carves niches for enterprise use
Numerous vendors specializing in distributed storage and other distributed services look to expand userbases and find new appeal ...

Close