Ensure Your Intranet Is HIPAA Compliant
Written by Giuliana LaMantia, HospitalPortal.net.
Utilizing an Intranet comes with a number of positives, such as enhanced collaboration, organization, and management, to name a few. However, like any organizational process or product, an Intranet also comes with the responsibility of keeping information secure and private.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 sets a standard for healthcare organizations in terms of security. HIPAA’s strict Privacy Rule and Security Rule of 2003 are especially important for companies using Intranets, to warrant that all private health information is protected from unauthorized users.
That said, it is imperative for your IT department to prioritize HIPAA compliance while managing documents and other information on your company’s Intranet. Your Intranet contains strong security features and is capable of assisting your team and keeping you organized in remaining compliant. Even so, it comes down to the people operating it to make certain that security is up to standard and to troubleshoot should issues arise.
Here are some helpful tips for your IT department along with capabilities of your Intranet to ensure that you remain HIPAA compliant.
Maintain strict access controls
Certain information and areas on your Intranet are only meant for select staff members. Since that is the case, the information should be restricted from other staff members to increase privacy and to keep these areas extra secure from hackers or other unauthorized users. Protect this information with Active Directory permissions, or even add an additional login, and make sure passcodes are required to be changed regularly.
Allow users to set and change their passwords
Speaking of passcodes, all staff members need login credentials to get onto the Intranet, and sometimes to get onto different pages of the portal. Allowing employees to come up with their own, unique passwords will help to beef up security. It’s also important to require changing passwords every 60 to 90 days.
Keep staff trained and updated
It should go without saying, but your IT department needs to remain informed on updates with HIPAA laws along with security changes in your own software. In turn, the rest of the staff should be notified of these updates as well. Hold mandatory training sessions, provide easily accessible news updates, or bring some fun into your work day with quick questions to ensure that your staff is trained and well-informed on all security happenings.
Have regular security audits
Have your IT department run regular security audits to warrant that everything is working properly and that nothing seems out of place. This will also allow you to see what is working well and what needs to be improved upon while implementing security and privacy measures.
Create awareness of safe devices
Make sure all staff are aware of the types of devices that can be used within the facility. An Intranet can be used as a forum for questions about safe hardware and software or personal devices that can be used on the organization’s machines. Create a wiki outlining what can and cannot be brought into the facility and have staff attest that they have read the information or the policies governing personal devices.
Set a session timeout
We know how hectic and busy the workday is. Sometimes, you leave your desk for longer than intended, and your computer goes into sleep mode. However, if you remain logged in for too long at this stage, your system becomes more susceptible to security breaches or hackers. Your IT department should implement a short session timeout. When there is no activity after a certain amount of time, the system will automatically log you out, requiring you to enter your passcode again once you are back.
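The point worth making precise is that the timeout must be enforced on the server side: a workstation going to sleep does not end the portal session, so the portal itself has to expire it. The following is an added example, not code from the original post or from HospitalPortal.net, of an idle timeout with a sliding window plus an absolute ceiling that forces re-authentication regardless of activity. The timeout values and the `SessionStore` API are assumptions chosen for illustration, not values the article or HIPAA prescribes.

```python
"""Idle-session timeout with a sliding window and a hard ceiling.

Added example; not code from the original post or from HospitalPortal.net.
The timeout values are assumptions for illustration, not HIPAA mandates.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List

IDLE_TIMEOUT_SECONDS = 15 * 60          # assumed: log out after 15 min of inactivity
ABSOLUTE_TIMEOUT_SECONDS = 8 * 60 * 60  # assumed: re-authenticate at least once per shift


@dataclass
class Session:
    user: str
    created_at: float       # when the user authenticated
    last_activity: float    # last request seen from this session


class SessionStore:
    """Server-side session registry; expiry is checked on every request."""

    def __init__(self, clock: Callable[[], float] = time.monotonic,
                 idle: float = IDLE_TIMEOUT_SECONDS,
                 absolute: float = ABSOLUTE_TIMEOUT_SECONDS) -> None:
        self._clock = clock          # injectable so tests can control time
        self._idle = idle
        self._absolute = absolute
        self._sessions: Dict[str, Session] = {}

    def login(self, session_id: str, user: str) -> None:
        now = self._clock()
        self._sessions[session_id] = Session(user, now, now)

    def _expired(self, session: Session, now: float) -> bool:
        # Idle window slides with activity; absolute ceiling never does.
        return (now - session.last_activity >= self._idle or
                now - session.created_at >= self._absolute)

    def touch(self, session_id: str) -> bool:
        """Record a request. Returns False (and logs out) if already expired."""
        session = self._sessions.get(session_id)
        if session is None:
            return False
        now = self._clock()
        if self._expired(session, now):
            del self._sessions[session_id]   # server-side logout
            return False
        session.last_activity = now          # slide the idle window
        return True

    def is_active(self, session_id: str) -> bool:
        """Pure check, does not count as activity."""
        session = self._sessions.get(session_id)
        return session is not None and not self._expired(session, self._clock())

    def expire_stale(self) -> List[str]:
        """Background reaper: remove expired sessions, return their ids."""
        now = self._clock()
        stale = [sid for sid, s in self._sessions.items() if self._expired(s, now)]
        for sid in stale:
            del self._sessions[sid]
        return stale


if __name__ == "__main__":
    store = SessionStore()
    store.login("demo-session", "demo.user")
    print("active after login:", store.is_active("demo-session"))
```

Calling `touch` from the request-handling path is what makes the idle window slide; the reaper exists so that sessions abandoned at a sleeping workstation are removed even though no further request arrives to trigger the check.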
Originally posted on the HospitalPortal.net blog, on February 2, 2017.