Written by: Marianne Kolbasuk McGee

As cyberattacks continue to surge, federal regulators are reminding healthcare organizations of the importance of implementing strong identity and access management practices, policies and controls.

The Department of Health and Human 服务’ 公民权利办公室, in a cybersecurity e-newsletter issued this week, advises HIPAA-covered entities and business associates to carefully examine their policies, practices and controls for accessing electronic protected health information.

关键问题

“OCR is correct in highlighting access as the key,” says LBMC 信息安全 representative. “OCR is also focusing on … identity … as the new perimeter. 随着提供者进入 云, this will result in even bigger problems unless this is proactively addressed.”

不幸的是, investing in secure IAM hasn’t been as big a priority in healthcare as it is in other sectors. But that’s changing because threat actors are increasingly targeting healthcare organizations and because new regulations, including those tied to the 21世纪治愈法案, are requiring providers and payers to create new APIs to share patient data. 

“Roles and role-based access control have unique challenges for healthcare providers.”
—LBMC 信息安全 representative

LBMC cautions, however, against relying on IAM technology to “solve a broken process.”

医疗保健 organizations must “understand their current state of IAM, formulate their future state and define the use cases, processes and governance structures that the IAM program will manage. 这都是 之前 评估一项技术.”

To read the full article, visit the 医疗保健 Info Security site at http://www.healthcareinfosecurity.com/its-time-to-reassess-iam-in-healthcare-a-17081.