Risk
7/6/2011
04:13 PM
50%
50%

Symantec, Allscripts Offer Security Risk Assessment Tool

The Web app automates the review of administrative, technical, and physical safeguards as defined by HIPAA and HITECH.

12 Innovative Mobile Healthcare Apps
(click image for larger view)
Slideshow: 12 Innovative Mobile Healthcare Apps
Information security and system management provider Symantec deepened its reach into the healthcare sector on Wednesday when it unveiled the Allscripts Privacy & Security Risk Assessment, a tool that automates the paper-based process of assessing a medical practice's privacy and security risks.

According to Symantec, the Allscripts Privacy & Security Risk Assessment is a Web-based application that provides physicians with a single place to complete the review of administrative, technical, and physical safeguards as defined by the Health Insurance Portability and Accountability Act (HIPAA).

Doug Havas, vice president of Symantec Healthcare, said in a statement the company understands the unique needs of the healthcare industry as it grapples with the task of protecting patient information.

Havas also said the application makes it easier for physicians to demonstrate that they meet the security requirements of HIPAA and helps them qualify for substantial incentive payments from Medicare or Medicaid.

"The solution also represents a critical step in identifying pain points and mitigating risks so practices can maximize their data security," Havas said.

Physicians applying for Medicare and Medicaid Electronic Health Record (EHR) incentive programs must demonstrate that their practices meet the security requirements under the Health Information Technology for Economic and Clinical Health Act (HITECH) Meaningful Use Stage 1 criteria. And they must conduct a privacy and security risk analysis under HIPAA guidelines.

"Right now, physician practices can either perform the HIPAA risk assessment themselves or hire an onsite consultant to do the analysis," said Lee Shapiro, president of Allscripts. "By working with Symantec, we can now greatly simplify the risk assessment process for those practices that are looking for an alternative to doing it on their own."

Another objective for offering the tool is to help physician practices that are financially constrained to conduct a privacy and security assessment of their health information systems without buying new hardware.

To make it user friendly, clinicians are not required to download files and the application produces comprehensive reports immediately upon the practice completing the assessment. The assessment includes identifying potential gaps and providing recommendations for complying with HIPAA rules and HITECH. Vendor and application independent, it can be used with any EHR.

"A critical evaluation that would normally take significant time and resources has been simplified into an easy, user-friendly, step-by-step process," Alexander Laham, corporate compliance and privacy officer at Springfield Medical Care Systems, said in a statement. "We will certainly be using this tool on a regular basis, not just once a year, to gauge our improvement over time and help ensure that our systems are secure and compliant."

Developed by Symantec and currently available exclusively through Allscripts, the Allscripts Privacy & Security Risk Assessment offers several features including:

-- One-stop and one place to complete HIPAA-defined assessment of administrative, technical, and physical safeguards.

-- Automated reporting and gap analysis with recommendations for improvements.

-- A subscription-based model that accommodates the needs and financial parameters of single providers, multiple locations, and enterprise customers.

-- Annual collection and verification of assessment data.

-- Automatic assessment and audit log.

-- Graphical and administrative views of assessment results.

-- Documentation that a privacy and security risk assessment has been performed in accordance with HITECH and HIPAA.

The Healthcare IT Leadership Forum is a day-long venue where senior IT leaders in healthcare come together to discuss how they're using technology to improve clinical care. It happens in New York City on July 12. Find out more.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: You should see what I wear on my work from home days!
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.