Healthcare – HIPAA Security for Data & Telecom Racks
The HIPAA security compliance standards require comprehensive cyber, physical and operational protection measures. The following are quotations from HIPAA regulations as amended January 2013:
All servers and networked devices in your rack must be secured according to HIPAA. This includes your servers, switches, and backup power and distribution systems. Per 164.308(a)(5)(ii)(C): “Log-in Monitoring. Implement Procedures for monitoring login attempts and reporting discrepancies.”
According to the Department of Health and Human Services, nearly half of HIPAA Security violations for 2016 involved breaches of Physical Security. HIPAA regulations specifically define Physical Network Security requirements, and these include Section 164.310: “Facility Access Controls. Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.”
Backup Power is a necessity to allow the protection of and access to critical medical records in the event of a power blackout or other power event. This requirement is described in HIPAA Security “Section 164.308(a)(7)(ii)(C) Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode. When a covered entity is operating in emergency mode due to a technical failure or power outage, security processes to protect EPHI must be maintained.”
Medical records must be protected from more than just cyber or physical threats. HIPAA Security standards require that they must also be protected from destruction in the event of a natural or environmental event. This is specifically provided for in HIPAA Section 164.304 “Physical safeguards are physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards…”