The new American Recovery and Reinvestment Act provide money to support designing and implementing new ways of transmission and storage of electronic health care data. This new law requires there to be significant change in privacy and security regulation related to electronic health records. These new requirements will help stop snooping incidents from happening by requiring you to implement tighter data security controls.
This white paper discusses best practices related to securing patient information. More proactive controls need to be put in place to provide better authentication, authorization and auditing capabilities around health care related information. In order to do this you need to control access to core systems and applications as a first layer of security. For a second layer you need to control access down to the data level. Additionally there needs to be security at the operating system level to prevent unauthorized access by administrators as a third layer of protection. Lastly, you need to make sure you provide a mechanism to consolidate activity and event logs, and provide meaningful audit reporting.
As you move forward with trying to implement these new health care data requirements you need to consider access management solutions. By using access management solution the administration cost can be reduced, and can make health care professionals more productive. You may find that an access management system makes it easy to implement a HIPPA compliant solution that will reduce your organizations security risk when dealing with electronic medical records.