Independent of the size of the organization, its internal regulations, or the number of subject matter experts on staff, the same old question always seems to come up: "Does this device need to be monitored for HIPAA compliance?"
As a general rule, all servers and devices that take part in creating, receiving, maintaining, storing, or transmitting e-PHI data are subject to HIPAA compliance. The answer to this question is more often "yes" than "no", but some devices fall into the "it depends" category.
The sole purpose of HIPAA is to identify and protect against reasonably anticipated threats to the security or integrity of PHI data including the impermissible use or disclosure of such data by the trusted workforce.
To facilitate your HIPAA compliance, start by mapping the entire flow of your e-PHI data: where it is created, used, transmitted, and stored. All devices involved along this path are subject to HIPAA compliance because each of them could potentially be exploited.
To identify reasonably anticipated threats:
1. Think like a hacker: "How could I get data from this app/server/device?"
If you can think of a potential way of getting e-PHI data from a server or device, then it is most likely subject to HIPAA compliance.
2. Think like a trusted insider with malicious intent: "How can I circumvent the existing policies and procedures to gain access to, and retrieve, the desired data?"
If you are still unsure about a server or device because of a special circumstance, or a non-standard procedure or flow, consult with your HIPAA auditor. Your auditors will have the final say. It is also easier to get your auditors involved early so that it is done right the first time.
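The data-flow mapping described above can be made systematic: record every flow of e-PHI as a directed edge between two assets, then treat as in scope every asset that the data can reach, not only the ones that obviously "store patient records". The script below is an added example, not code from the original post or from AccelOps; the asset names (ehr-app, ehr-db, backup-server, log-collector, intranet-wiki and so on) and flows are constructed for illustration. It goes one step beyond the post's wording by also flagging a "review" bucket for assets that exchange data with an in-scope asset without receiving e-PHI themselves, which is the kind of "it depends" case to take to the auditor.

```python
"""Scope e-PHI assets by propagating data flow through a directed graph.

Added example (not from the original post). Asset names and flows below are
constructed; replace them with your own inventory.
"""
from collections import deque

# Constructed sample inventory: each flow is (source, destination, description)
# and points in the direction the data actually moves.
FLOWS = [
    ("ehr-app", "ehr-db", "writes patient records"),
    ("ehr-app", "reverse-proxy", "serves patient portal pages"),
    ("ehr-db", "backup-server", "nightly database dump"),
    ("ehr-app", "log-collector", "application logs containing patient IDs"),
    ("ehr-db", "billing-app", "billing app reads encounter records"),
    ("intranet-wiki", "log-collector", "web server access logs"),
    ("hr-portal", "hr-db", "employee records (no patient data)"),
]

# Assets where e-PHI is created or first received (hypothetical).
PHI_ENTRY_POINTS = {"ehr-app"}


def build_graph(flows):
    """Adjacency list: asset -> list of (downstream_asset, description)."""
    graph = {}
    for src, dst, how in flows:
        graph.setdefault(src, []).append((dst, how))
        graph.setdefault(dst, [])
    return graph


def reachable_from(flows, entry_points):
    """Breadth-first search downstream from the e-PHI entry points.

    Returns {asset: [entry, ..., asset]} giving, for every asset e-PHI can
    reach, one chain of assets that carries it there (the evidence an auditor
    will ask for when you claim a device is in scope).
    """
    graph = build_graph(flows)
    paths = {ep: [ep] for ep in entry_points if ep in graph}
    queue = deque(paths)
    while queue:
        cur = queue.popleft()
        for nxt, _ in graph[cur]:
            if nxt not in paths:
                paths[nxt] = paths[cur] + [nxt]
                queue.append(nxt)
    return paths


def classify(flows, entry_points):
    """Verdict per asset.

    'yes'    e-PHI flows to it, so it is subject to HIPAA compliance.
    'review' it receives no e-PHI but exchanges data with an in-scope asset
             (this example's heuristic for the 'it depends' bucket).
    'no'     neither of the above.
    """
    graph = build_graph(flows)
    in_scope = reachable_from(flows, entry_points)
    result = {}
    for asset in graph:
        if asset in in_scope:
            result[asset] = "yes"
        elif any(src in in_scope or dst in in_scope
                 for src, dst, _ in flows if asset in (src, dst)):
            result[asset] = "review"
        else:
            result[asset] = "no"
    return result


def scope_report(flows, entry_points):
    """One line per asset: verdict plus the path that puts it in scope."""
    paths = reachable_from(flows, entry_points)
    lines = []
    for asset, verdict in sorted(classify(flows, entry_points).items()):
        via = " -> ".join(paths[asset]) if asset in paths else "-"
        lines.append(f"{asset:15} {verdict:7} {via}")
    return lines


if __name__ == "__main__":
    print("\n".join(scope_report(FLOWS, PHI_ENTRY_POINTS)))
```

Running it shows why the "does it store PHI?" shortcut misses devices: the backup server and the log collector end up in scope purely because data flows to them from the EHR, while the intranet wiki, which only feeds the same log collector, lands in the review bucket rather than being silently ignored or silently included.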
AccelOps' out-of-the-box HIPAA Business Service and HIPAA compliance suite gives you full-stack visibility into the applications, servers, network, and devices that are subject to HIPAA security, performance, availability, and change compliance.
Contact us if you would like to see our full-stack monitoring platform in action, or if you have any other questions. We're here to help!