Exchange of health information over the Internet can be a risky business. Unfortunately, as people become accustomed to doing most if not all, its line of personal business, the demand for access to this information online will grow to the point that doctors have no choice but to either facilitate access to such private health information or losing customers.

The Health Insurance Portability and Accountability Act (HIPAA) was enacted to ensure confidentiality of patient information. This requires that providers of health care use strict measures to ensure that the information shared on the Internet is protected unauthorized access.

HIPAA requires that health service companies to:

• Assign responsibility for security to a person or organization.
• Assess security risks and identify the main threats to security and privacy of protected health information.
• Establish a program to address physical security, personnel security, technical controls, safety and security incident response and recovery disasters.
• Certify the effectiveness of security controls.
• Develop policies, procedures and guidelines for the use of computer devices Personal (workstations, laptops, handheld devices) and mechanisms that guarantee in place that allow, restrict and terminate access (lists access control, user accounts, etc.) appropriate to the condition of an individual, the change of status or termination.
• Implement access controls that may include encryption, context-based access, role-based access, or user-based access, the audit control mechanisms, authentication data, and authentication of the entity

This law has serious consequences for organizations that allow unauthorized access resulting in a violation of confidentiality.

Safety is the key

Since HIPAA establishes civil and criminal penalties for violations, data and security Access is
paramount importance. To ensure compliance with HIPAA,
document management online should include a range of security features:

• Securing a web server to a server running Secure Socket Layers is the minimum necessary.
• An encrypted database, all data must be encrypted. There are computer programs that are all encrypted data sent between two computers over the Internet.
• Secure access control – Plus a user ID and password tradition, can be a good idea to use a password or smart card as additional security.
• A session timeout – This ensures that confidential data is not left unattended on a screen.
• A server control: the secure web server has to be strictly monitored for break-in attempt.
• Regular security audits, regular audits are necessary to ensure that all safety precautions are functioning properly.
• Staff Â-system maintenance should be handled by qualified personnel familiar with HIPAA requirements

Rick Mosenkis is the President and CEO of Trichys, the creators of WorkZone hosted intranet and extranet software, including a higher-security version for HIPAA compliance. With customers around the world, among large and small companies, Trichys develops easy-to-use web-based software that allows non-technical business professionals to leverage the power of the Internet without IT support.

Make FireFox Extremely Fast Tutorial