Let’s talk about HIPAA guidelines and how they relate to cloud service providers. Recently, a new cybersecurity recommendation report for Health and Human Services (HHS) was released by the Healthcare Industry Cybersecurity Task Force (HCIC). In the report, the HCIC makes a number of recommendations to HHS on how to increase cybersecurity for organizations that interact with healthcare data.
Healthcare is just one of the many industries that could benefit from better and more specific guidelines and more streamlined regulations. The HCIC and a handful of industry people tackled this by coming up with a number of recommendations on how to improve the state of cybersecurity in healthcare.
We looked through the report and found that the HCIC took a holistic approach to solving healthcare’s difficult and complex cybersecurity challenges.
Their recommendations spanned from creating clearer guidance to reforming web regulations in areas that affect healthcare. The HCIC also made specific recommendations for medical device vendors and patient data processors.
Some recommendations also addressed software security vendors and how they can support healthcare institutions. The HCIC emphasized existing systems and the need to make sure these legacy systems are not left behind when system updates roll out (Recommendation 2.1.3).
Another recommendation called for better controls over who has access to patient data and for ensuring that those accessing patient data are really who they say they are (Recommendation 2.4).
HCIC Embraces Cloud Service Providers
The task force also decided to embrace the cloud and managed service providers. This stemmed from the realization that smaller healthcare organizations often do not have the resources to fully staff a credible cybersecurity group. It is critical that these smaller organizations consider leveraging third-party solutions, like Directory-as-a-Service®, in order to support and meet these security guidelines (Recommendations 3.3 and 3.4).
Right now, the HCIC report is only a set of recommendations for the HHS to consider incorporating into their cybersecurity policies. It would be wise for the healthcare industry to pay
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Natalie Bluhm. Read the original post at: https://jumpcloud.com/blog/hipaa-guidelines-cloud-service-providers/