- Our Work
- Security Engineering
- Contingency Planning Services
- Lunarline Privacy Services
- Security Compliance
- Service Coverage
- Certificate of Networthiness
- Cloud Security
- Cyber Security Training and Certifications
- IT Security Governance & Cyber Security Strategy
- Incident Response
- Mobile Device Security
- Penetration Testing
- Physical Security
- Risk / Vulnerability Assessments
- Risk Assessments
- Risk Management Framework / Certification & Accreditation (C&A)
- Secure Network Design and Implementation
- Secure System / Software Quality Assurance
- Security Auditing
- Contact Us
Using computers and information systems in the healthcare industry usually accrues value –vast amounts of information may be stored forever. Data can be sorted instantly, organized in myriad categories and retrieved whenever needed. Through new technologies, the healthcare industry is able to use medical data to help treat patients and serve customers more effectively and accurately. The healthcare industry has also created standards and uniform codes to make such systems universally acceptable as well. But There is one aspect of technology that poses a threat to patient privacy and confidentiality of records – the lack of security protection.
Most hospitals, healthcare settings, and insurance companies are focused on treating their patients, saving their lives, and managing their clients and in the process, often forget about the need to adhere to the Health Insurance Portability and Accountability Act (HIPAA) of 2003. HIPAA mandates the encryption of electronically protected health information (ePHI) when stored on networks or notebook computers and portable memory devices.
Recent surveys indicate that data is lost not only through willful theft by hackers, but also by careless employees who misplace laptops or irresponsibly avoid security through codes and passwords that protect access to important patient information. Additionally, healthcare facilities, providers, and manufacturers often are not equipped with the technical understanding or the means to deal with security breaches when they occur.
The greatest security threat from lost or misused data is identity theft, where crooks either assume your identity or sell it to other criminals who are looking to shed their old persona and take on a new one. A hospital setting is ideal for stealing information, because staff members often do not pay much attention to data security. This situation must change. Healthcare facilities must identify potential risks and take appropriate action.
Lunarline retains unparalleled experience in providing secure solutions to the healthcare industry. We provide a wide range of services solely focused on security. From implementing asset recovery and tracking measures to doing comprehensive risk analysis of an organizations IT security posture, we continue to achieve success. Recent legislation changes and the addition of HIPAA Security Rules now place severe penalties on healthcare providers and their business partners whenever due diligence in securing ePHI and PII is absent. Lunarline's experience and knowledge of the changing healthcare security regulations assure that our customers manage security risks without compromising patient/customer care.
Lunarline can help enhance security in three key ways:
- Improved confidentiality – Contributes to the privacy of data contained within information systems; supports physician, patient, business partners, and shareholders expectations; and assists with compliance for regulations regarding the management of patient information.
- Improved integrity– Supports the soundness of the information and ensures that it has not been inappropriately altered without detection.
- Improved availability – I Information systems are functioning and accessible when needed, contributing to consistent financial results and patient safety.
Risk assessment is a key task in enhancing security, but many companies attempting such measures often make the following errors:
Lunarline's experience in providing risk assessments avoids these errors by applying elements of successful risk assessment business practices by:
- Providing clear instructions to all who handle sensitive information.
- Simplifying user response to easily address responsibilities.
- Identifying support contacts by team members.
- Focusing on leaders as well as executors to integrate with business models.
- Providing feedback to users and risk leaders enabling participation in final action steps.
- Having a broad scope to include risks, controls, and response management.
- Identifying users for follow up if necessary.
- Identifying information-related assets.
- Focusing risk analysis activities on critical assets.
- Considering relationships among critical assets, the threats to those assets, and vulnerabilities.
- Evaluating risks in an operational context, including how they are used to conduct an organization's business.
- Creating a protection strategy for risk mitigation.
For more information, please contact us at firstname.lastname@example.org or call us at (571) 481-9300.