查看“Shanks”的源代码

Sharing individual health information online could be a dangerous business. Unfortunately, as people become accustomed to doing many if not totally all of their private business online, the need for accessing this information online will grow to the level that health care providers will don't have any choice but to either provide use of this personal health information or lose their clients. 

Medical Insurance Portability and Accountability Act (HIPAA) was enacted to assure the privacy of patient information. This calls for that health care services hire stringent measures to make sure that information shared on the net is secured from unauthorized access. 

The HIPAA Act requires health-providing organizations to: 

Assign responsibility for security to an individual or company. 

Determine security risks and determine the major threats to the security and privacy of protected health information. 

Begin a plan to deal with physical security, personnel security, specialized security controls, and disaster recovery and security incident response. 

Approve the potency of security controls. 

Develop guidelines, procedures and directions for utilization of individual computing devices (workstations, notebooks, hand-held devices), and for ensuring components come in place that allow, restrict and stop access (access control lists, person accounts, etc.) appropriate to a person's status, change of status or firing. 

Apply access controls that will include encryption, context-based access, role-based access, or user-based access; exam control mechanisms, data authentication, and entity authentication 

This law has significant implications for unauthorized access that is allowed by organizations producing a break in confidentiality. 

Safety could be the essential 

Since the HIPAA law provides for both civil and criminal penalties for violations, data and access protection is of the most importance. Online report administration on company intranets and extranets should add a quantity of security features:, to assure HIPPA compliance 

Secure net server a operating secure socket layers may be the minimum needed. 

Encrypted database all data must certanly be encrypted. Pc software can be obtained that'll protected all information sent between two computer online. 

Secure access control -- along with a user password and identification, it could be advisable to employ a strong password or sensible card as additional security. 

Session timeout this assures that confidential information isn't left on an unattended screen. 

Server monitoring the secure web server must be strictly monitored to detect break-in attempts. 

Regular security audits regular audits are required to make certain all security measures are working properly. 

Personnel system maintenance ought to be in the hands of skilled personnel knowledgeable about HIPPA requirements [http://www.entrust.comwww.entrust.com/enterprise-authentication/ep_auth.htm login authentication]