Questions? Contact Us


Latest News

Featured News & Events

For HIPAA controls, how O can you go?

There's devil in the details of the various controls organizations use to ensure compliance with the requirements of the Health Insurance Portability and Accountability Act (HIPAA). We highlighted them all in a recent blog post if you want to read more.

Broken out as administrative, operational or technical, HIPAA controls refer to the various processes, procedures and system features that help organizations minimize risk by detecting, reducing or even eliminating the probability of a certain threats.

Basically, administrative controls are those dealing with human behavior, while operational controls speak to the risks inherent to the physical environment or location. And technical controls focus on – you guessed it – technology, from the computing hardware to the wireless network and more.

A risk manager typically rates the effectiveness of each implemented control using a process maturity scale:

  • Minimal - control is not fully implemented or is used in a way that requires reliance on individual discretion for its implementation.
  • Repeatable - control is implemented in a consistent manner that can be repeated by different individuals and in different situations, although not all associated procedures may be formally documented.
  • Defined - control is implemented and managed according to a standardized procedure that is well documented.
  • Benchmarked - control is implemented using repeatable, defined methods that conform to industry best practices.
  • Optimized - control is implemented using repeatable, defined methods that conform to industry best practices and which are routinely monitored to ensure control remains appropriate to a changing environment. At this level, controls are subject to continuous process improvement.

For an organization subject to HIPAA compliance, the controls can seem a bit daunting, and rightfully so, as they should not be taken lightly. At ZZ Servers, we help customers track more than 40 different processes, procedures and tests to gauge where they stand on the implementation of each of the 24 controls.

So how "optimized" does an organization need to be for a given control? And are any controls more important than others?

Recent headlines would suggest that device and media controls are among the hotter HIPAA items. Last month, it was revealed that wireless health services provider CardioNet reached a $2.5 million settlement with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). It seems that a CardioNet laptop computer with electronic personal health information (ePHI) was stolen from an employee's car.

In the ensuing investigation OCR reported that CardioNet did not have sufficient policies and procedures in place with respect to ePHI. In fact, those procedures were still in draft form and had not been implemented, much less optimized.

One can only wonder if CardioNet was somewhere above "minimal" on the process maturity scale for their device and media controls if the financial punishment would have been different for them.

But the larger point is that getting your HIPAA house in order is no small feat. And all of the controls are important.

Reaching "optimized" status across on any of the 24 HIPAA controls (and the 40 checklist items) is a tall order for smaller organizations, and that's where ZZ Servers can help.

We specialize in building HIPAA-compliant systems backed by a full set of managed service offerings where security is built in from the beginning. ZZ Servers takes the security of your business and the protected health information data seriously, and we know security inside and out.

It's this kind of mentality and expertise you want on your side to help you navigate the detailed controls and checklists that will boost your HIPAA compliance – without busting your budget.

Connect with us today and let us show you how we can help.

What providers really need to know about HIPAA Tit...
WannaCry Ransomware Teaches Painful Lesson in Patc...

Related Posts


Tag Cloud

SSL VPS Servers PCI Domani Names Control Panel Information Technology TiaraCon Hosting mail server network backup solutions PCI DSS 3.2 smartphone cell phone email HIPAA spam logical security cyber protection email accounts eCommerce Solutions IT vyatta router firewall filter security PCI HIPAA cyber monitoring IT Services embedded sender policy multi-factor authentication pci complliant hosting Accountability Act permissions education IT solutions Cloud Computing IT services credit card payment bash Medical Solutions credit cards stolen ZZ Servers Server Mangement HIDS anti virus businesses Alarm Internet Corporation computer security CentOs Las Vegas PCI Audit OSSEC ICANN personal information follow.The HIPAA Privacy Rule trends Shmoocon members area recovering data National Cyber Security Awareness Month DRP compliant hosting malicious software windows 7 Zendzian phishing attacks Medical Records Announcement IT Solutions PCI Hosting arduino small business Business Solutions Cybersecurity business Compliance business solitions log files Security security ipad iphone black friday assesment computing in the cloud IT security Windows Presentation security circles shared secure hosting openssl command line physical World Backup Day motivation hosting control panel Health Care Cybersecurity Reports PCI Service Provider search Health Insurance Portability data breach shared server safe computing Disaster Recovery Plan credit card Interworx-CP healthcare solutions Credit Cards David Zendzian cyber security Linux business community Online Business PCI Solutions InterWorx BSides DEF CON cli social engineering Home Depot Breach shared folders Cybersecurity Business Solutions spoofing support kerio Geekend Internet Continuous Monitoring qsa Debian employee training password Car Hacking Healthcare Records vulnerability scanning compliance information technology health care providers GDPR phishing TLS HIPPA protect data Firetalk cyber apache Charleston infrastructure PCI compliance Assigned Names data privacy physical security dss Internet infrastructure activesync cybersecurity two factor authentication spf Credit Card Security Payment Card Industry video Hackers caller-id data protection HIPAA solutions business solutions teensy cloud ZZ Servers Co-Founder QSA PCI Data Security Standards Business Planning passwords intrusion detection Ubuntu eCommerce computer networks dsbl Web Hosting Xen Small Business PCI Compliance Email INFOSEC cyber liability insurance exchange Vulnerability Sysadmin HIPAA Solutions vps cyber monday management blackberry amazon ec2 shared hosting lamp change