HIPAA Security Risks in the Cloud

By: Absolute Editorial Team | 5/17/2013

As hospitals migrate electronic patient health information (ePHI) from strictly in-house servers to cloud hosting solutions, the safeguarding of protected health information take on added complexity. In order to comply with HIPAA and the Hitech Acts, healthcare organizations need to be aware of the added risks associated with electronic medical records and cloud services.

CloudTweaks recently put together a list of the Top 5 HIPAA Security Risks:

  1. Theft of laptops or portable devices (theft accounts for 51% of all breaches, 44% of all breaches are from laptops)
  2. Paper files (paper related breaches account for a quarter of all breaches still)
  3. Unauthorized access / disclosure from devices or paper files
  4. Loss of paper files or devices
  5. Hacking / IT incidents

The article talks about several ways to mitigate these risks, from controlling user access to training employees on how the handling of patient data, but it's clear that the management of the endpoint is crucial to mitigating the majority of the major risks to electronic medical records as indicated above.

Through Governance, Risk Management and Compliance (GRC) activities, healthcare organizations can safeguard protected health information. Absolute Computrace provides the foundational support for GRC for the endpoint, through the world's only persistent device connection. Absolute Computrace allows IT administrators to remotely control and secure IT assets within a cloud-based interface – the Absolute Customer Center – where they can enforce compliance policies, identify computers that might be at risk, and take preemptive and reactive measures if a security incident occurs. Computrace also provides Investigations and Recovery services in the event of non-compliant or criminal activities.

Computrace provides foundational support for all activities related to GRC for the endpoint, including:

  • Data security and protection
  • Deployment and licensing audits
  • BYOD policy enforcement
  • Theft & criminal investigations
  • Security incident response & remediation
  • Computer forensics
  • Compliance reports & certificates

By using Absolute Computrace, many breach scenarios can be mitigated and regulations met. Learn more about how Absolute Computrace can address your healthcare security risks here. Learn more about IT GRC in our new video here.

Financial Services