Risk
7/6/2011
04:13 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Symantec, Allscripts Offer Security Risk Assessment Tool

The Web app automates the review of administrative, technical, and physical safeguards as defined by HIPAA and HITECH.

12 Innovative Mobile Healthcare Apps
(click image for larger view)
Slideshow: 12 Innovative Mobile Healthcare Apps
Information security and system management provider Symantec deepened its reach into the healthcare sector on Wednesday when it unveiled the Allscripts Privacy & Security Risk Assessment, a tool that automates the paper-based process of assessing a medical practice's privacy and security risks.

According to Symantec, the Allscripts Privacy & Security Risk Assessment is a Web-based application that provides physicians with a single place to complete the review of administrative, technical, and physical safeguards as defined by the Health Insurance Portability and Accountability Act (HIPAA).

Doug Havas, vice president of Symantec Healthcare, said in a statement the company understands the unique needs of the healthcare industry as it grapples with the task of protecting patient information.

Havas also said the application makes it easier for physicians to demonstrate that they meet the security requirements of HIPAA and helps them qualify for substantial incentive payments from Medicare or Medicaid.

"The solution also represents a critical step in identifying pain points and mitigating risks so practices can maximize their data security," Havas said.

Physicians applying for Medicare and Medicaid Electronic Health Record (EHR) incentive programs must demonstrate that their practices meet the security requirements under the Health Information Technology for Economic and Clinical Health Act (HITECH) Meaningful Use Stage 1 criteria. And they must conduct a privacy and security risk analysis under HIPAA guidelines.

"Right now, physician practices can either perform the HIPAA risk assessment themselves or hire an onsite consultant to do the analysis," said Lee Shapiro, president of Allscripts. "By working with Symantec, we can now greatly simplify the risk assessment process for those practices that are looking for an alternative to doing it on their own."

Another objective for offering the tool is to help physician practices that are financially constrained to conduct a privacy and security assessment of their health information systems without buying new hardware.

To make it user friendly, clinicians are not required to download files and the application produces comprehensive reports immediately upon the practice completing the assessment. The assessment includes identifying potential gaps and providing recommendations for complying with HIPAA rules and HITECH. Vendor and application independent, it can be used with any EHR.

"A critical evaluation that would normally take significant time and resources has been simplified into an easy, user-friendly, step-by-step process," Alexander Laham, corporate compliance and privacy officer at Springfield Medical Care Systems, said in a statement. "We will certainly be using this tool on a regular basis, not just once a year, to gauge our improvement over time and help ensure that our systems are secure and compliant."

Developed by Symantec and currently available exclusively through Allscripts, the Allscripts Privacy & Security Risk Assessment offers several features including:

-- One-stop and one place to complete HIPAA-defined assessment of administrative, technical, and physical safeguards.

-- Automated reporting and gap analysis with recommendations for improvements.

-- A subscription-based model that accommodates the needs and financial parameters of single providers, multiple locations, and enterprise customers.

-- Annual collection and verification of assessment data.

-- Automatic assessment and audit log.

-- Graphical and administrative views of assessment results.

-- Documentation that a privacy and security risk assessment has been performed in accordance with HITECH and HIPAA.

The Healthcare IT Leadership Forum is a day-long venue where senior IT leaders in healthcare come together to discuss how they're using technology to improve clinical care. It happens in New York City on July 12. Find out more.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web