Compliance and Security

HIPAA Compliance

If your company is in the healthcare or dental field, you are required to ensure the security and privacy of confidential patient data as regulated under HIPAA (Health Insurance Portability and Accountability Act). Since most patient data and diagnoses are stored, transmitted, and analyzed digitally, your company will have access to electronically Protected Healthcare Information (ePHI). While HIPAA was first signed into federal law in 1996, it is constantly being updated, which translates into perpetual vigilance for employees, administrators and IT personnel in the healthcare or dental fields. In terms of IT services, HIPAA compliance includes protecting sensitive client data in three main areas:

Physical Safeguards, (hardware and software) including:

  • Implementing facility access controls
  • Best practices (SRA’s)
  • Implementing policies and procedures for installing, using, modifying, and/or repairing hardware
  • Inventorizing hardware
  • Tracking the movement and future disposal of all hardware containing sensitive electronic data
  • Implementing proper data hosting on cloud storage, a dedicated server, or a physical server
  • Developing policies for positioning workstations
  • Developing policies and procedures for mobile devices

Technical Safeguards for storing and transmitting data including:

  • Initial Security Risk Assessment
  • Penetration Testing
  • Implementing proper data hosting on cloud storage, a dedicated server, or a physical server
  • Implementing a means of Access Control
  • Implementing Tools for Encryption and Decryption
  • Introducing Activity Logs and Audit Controls
  • Facilitating Automatic Log Off of PCs and Devices

Administrative Safeguards including training personnel:

  • Initial Security Risk Assessments
  • Introduction of a Risk Management Policy
  • Installation and training on using, storing, and transmitting sensitive data on HIPAA-compliant software and applications
  • Developing and Testing Contingency Plans
  • Restriction of Third Party Access
  • Implementation of a Means of Access Control
  • Implement Tools for Encryption and Decryption
  • Reporting of Security Incidents

Security

One look at the news and it is easy to surmise that IT security is constantly changing and evolving in order to stay up-to-date on the latest threats as well as industry-specific vulnerabilities. Spectra Networks specializes in security customized for the needs of your business. These security protocols include everything from creating access controls to planning for disaster recovery in the case that the unthinkable happens. Our security services include:

  • Monitoring for Viruses, Malware, Ransomware, and other Threats (both internal and external)
  • Intrusion Prevention Systems (IPS)
  • Firewalls
  • Virtual Private Networks & Remote Access
  • Web Content Filtering
  • Disaster Recovery Planning
  • Back Ups - Local and Cloud
  • Email Protocols - Encryption and Decryption
  • Password Management
  • Physical Safeguards for hardware and server rooms
  • Email Phishing & Spam control

We're here to keep you secure.