Take a moment to read the list of mistakes below. If you haven’t yet conducted your HIPAA assessment, contact ClearLink for a fast, cost-effective assessment and remediation plan to stay compliant and avoid the fines.
The deadline for assessing HIPAA compliance is approaching fast. With violations of HIPAA security standards costing up to $50,000 per infraction, it’s time to make sure your organization and all Business Associates are compliant.
Mistake #1: Using Unsupported Operating Systems
Are any of your organization’s PCs still running Windows XP? If so, you could be at risk for significant security breaches. Microsoft has recently dropped support for the Windows XP operating system, and an unsupported operating system means the vendor has stopped patching security vulnerabilities: every flaw discovered after the end-of-support date stays open permanently, giving attackers a standing way into your data. HIPAA does not name a specific operating system, but an unpatchable one is very hard to defend in the risk analysis the Security Rule requires. To remain compliant, plan to upgrade every PC on your network to a supported operating system, and isolate any machine that cannot be upgraded yet from the rest of the network and from patient data.
How at-risk is your organization?
Mistake #2: Not Auditing User Accounts
When was the last time you purged old and unused user accounts from your network? Employees who leave or are terminated may still have active accounts, and shared or service accounts may keep working long after anyone remembers why they exist. Each of these is a working username and password that nobody is watching: a former employee, or an attacker who guesses or buys the credential, can use it without tripping any alarm, and an auditor will treat it as a failure of your termination procedures. Audit your accounts regularly (at least quarterly, and immediately when someone leaves) to confirm that departed users are disabled, that accounts with no recent logon are reviewed, and that disabled accounts are eventually removed rather than left in place.
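The audit described above is easy to automate once you can export your accounts. The script below is an added example, not ClearLink’s tooling or anything from the original article. It works over a constructed CSV export whose column names assume a Windows domain export such as `Get-ADUser -Filter * -Properties LastLogonDate,PasswordLastSet | Export-Csv` (an assumption; any system that can export account name, enabled flag and last-logon time will do), plus a constructed list of departed staff from HR, and reports three things: enabled accounts with no logon in the policy window or no logon ever, enabled accounts belonging to people who have left, and disabled accounts that are still lingering in the directory.

```python
"""Audit a user-account export for stale, orphaned and lingering accounts.

Added example (not from the original article). The CSV below is constructed
sample data, not a real directory export; the column names assume the shape
of a `Get-ADUser ... | Export-Csv` run (assumption).
"""
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. LastLogonDate is blank for svc_backup to model
# a service account that has never interactively logged on.
ACCOUNT_EXPORT = """\
SamAccountName,Enabled,LastLogonDate,PasswordLastSet
jsmith,True,2014-05-01 08:12:00,2014-03-15 09:00:00
mjones,True,2013-11-20 17:45:00,2013-06-02 10:30:00
svc_backup,True,,2012-01-10 12:00:00
tlee,False,2014-01-05 13:20:00,2013-12-01 08:00:00
rgarcia,True,2014-05-03 09:01:00,2014-04-20 11:15:00
"""

# Constructed HR feed of people who have left, keyed by account name (assumption).
DEPARTED = {"mjones", "tlee"}

# Policy threshold for "unused"; 90 days is an assumption for this example.
MAX_IDLE_DAYS = 90


def _parse_ts(value):
    """Parse the export's timestamp format; blank means 'never'."""
    value = value.strip()
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S") if value else None


def parse_export(text):
    """Turn the CSV export into a list of account dicts."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        accounts.append({
            "name": row["SamAccountName"].strip(),
            "enabled": row["Enabled"].strip().lower() == "true",
            "last_logon": _parse_ts(row["LastLogonDate"]),
            "pwd_set": _parse_ts(row["PasswordLastSet"]),
        })
    return accounts


def stale_accounts(accounts, as_of, max_idle_days=MAX_IDLE_DAYS):
    """Enabled accounts with no logon inside the window, or no logon at all."""
    cutoff = as_of - timedelta(days=max_idle_days)
    return sorted(
        a["name"] for a in accounts
        if a["enabled"] and (a["last_logon"] is None or a["last_logon"] < cutoff)
    )


def orphaned_accounts(accounts, departed):
    """Accounts still enabled for people HR says have left."""
    return sorted(a["name"] for a in accounts if a["enabled"] and a["name"] in departed)


def lingering_disabled(accounts):
    """Disabled accounts that were never removed; candidates for deletion."""
    return sorted(a["name"] for a in accounts if not a["enabled"])


def audit(export_text, departed, as_of):
    """Run all three checks and return the findings by category."""
    accounts = parse_export(export_text)
    return {
        "stale": stale_accounts(accounts, as_of),
        "orphaned": orphaned_accounts(accounts, departed),
        "lingering_disabled": lingering_disabled(accounts),
    }


if __name__ == "__main__":
    # Fixed "today" so the constructed data produces a stable report.
    report = audit(ACCOUNT_EXPORT, DEPARTED, as_of=datetime(2014, 5, 5))
    for category, names in report.items():
        print(f"{category}: {', '.join(names) or '(none)'}")
```

Run against the sample data with an as-of date of 2014-05-05, the report flags `mjones` and `svc_backup` as stale (one idle past the window, one that has never logged on), `mjones` as orphaned because HR lists the person as departed while the account is still enabled, and `tlee` as disabled but never deleted. The orphaned list is the one to act on the same day; the other two feed the regular review.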
Mistake #3: Not Following Password Best Practices
What is the password policy for your organization? Does it set a minimum length, block commonly used or previously breached passwords, and lock accounts after repeated failed attempts? Your organization needs a written Password Policy that follows industry-standard best practices, and the policy must be enforced consistently across your network, through domain policy rather than by asking users nicely. One caveat: current guidance (NIST SP 800-63B) recommends against forcing users to change passwords on a fixed schedule unless there is evidence of compromise, because routine resets push people toward predictable variations; longer passwords and multi-factor authentication buy far more. Note also that password policy extends beyond usernames and passwords. PCs should be set to lock after a period of inactivity and require the user to log back in, so an unattended workstation in a treatment room is not an open door to patient records.
ClearLink is a team of communications technology specialists serving Athens, Atlanta, and Northeast Georgia. Call (706) 549-2809 to schedule your compliance assessment. For more information on HIPAA compliance, subscribe to our HIPAA Newsletter.
Mistake #4: Failing to Use Up-to-Date Malware Protection
Is your antivirus installed, turned on, and up-to-date on all network devices? All a hacker (or an auditor) needs is a single point of vulnerability in your network to compromise your data and expose your organization to fines. You need a network-wide scan to find any weak links in your system before someone else does.
Mistake #5: Using USB Drives without Encryption
Are members of your staff using USB drives to transport or store data? A USB drive is the easiest way for confidential data to walk out the door: it is lost or stolen far more often than a PC, and once unencrypted data leaves the building it is only as safe as the staff member’s home computer or the café wi-fi it is later copied over. A lost drive full of unencrypted patient data is a reportable breach; a lost drive that was properly encrypted generally is not, because HHS does not treat encrypted information as “unsecured” protected health information. Eliminate the use of unencrypted USB drives: issue hardware-encrypted drives or require full-drive encryption (for example, BitLocker To Go on Windows) and block unencrypted removable media by policy.
Mistake #6: Utilizing an Underpowered Firewall (or No Firewall)
How much do you really know about the hardware and software driving your network traffic? If your firewall doesn’t utilize an Intrusion Prevention System or malware filtering, you could be exposing the entirety of your network to security vulnerabilities. If you’re not equipped with the skillset to make your firewall compliant (and who is?), please consider speaking with an information security professional.
Mistake #7: Using a Non-Compliant Business Associate
Are all your Business Associates HIPAA compliant? You’re only as strong as your weakest link, and anyone with access to your network or data must follow the same safeguards you do. Under the HIPAA Omnibus Rule, Business Associates are directly liable for Security Rule compliance, but that does not shift the risk away from you: make sure every vendor that touches protected health information has signed a Business Associate Agreement, and ask how they control access, patch their systems and encrypt your data before you hand it over.
Fortunately, ClearLink is a specialist in HIPAA compliance. If you don’t know the answers to any of these questions, or if you’re ready to conduct your fast, cost-effective assessment, contact ClearLink or another HIPAA-compliant security professional today. As written, fines can run as high as $50,000 per infraction!