Risk
7/6/2011
04:13 PM
50%
50%

Symantec, Allscripts Offer Security Risk Assessment Tool

The Web app automates the review of administrative, technical, and physical safeguards as defined by HIPAA and HITECH.

12 Innovative Mobile Healthcare Apps
(click image for larger view)
Slideshow: 12 Innovative Mobile Healthcare Apps
Information security and system management provider Symantec deepened its reach into the healthcare sector on Wednesday when it unveiled the Allscripts Privacy & Security Risk Assessment, a tool that automates the paper-based process of assessing a medical practice's privacy and security risks.

According to Symantec, the Allscripts Privacy & Security Risk Assessment is a Web-based application that provides physicians with a single place to complete the review of administrative, technical, and physical safeguards as defined by the Health Insurance Portability and Accountability Act (HIPAA).

Doug Havas, vice president of Symantec Healthcare, said in a statement the company understands the unique needs of the healthcare industry as it grapples with the task of protecting patient information.

Havas also said the application makes it easier for physicians to demonstrate that they meet the security requirements of HIPAA and helps them qualify for substantial incentive payments from Medicare or Medicaid.

"The solution also represents a critical step in identifying pain points and mitigating risks so practices can maximize their data security," Havas said.

Physicians applying for Medicare and Medicaid Electronic Health Record (EHR) incentive programs must demonstrate that their practices meet the security requirements under the Health Information Technology for Economic and Clinical Health Act (HITECH) Meaningful Use Stage 1 criteria. And they must conduct a privacy and security risk analysis under HIPAA guidelines.

"Right now, physician practices can either perform the HIPAA risk assessment themselves or hire an onsite consultant to do the analysis," said Lee Shapiro, president of Allscripts. "By working with Symantec, we can now greatly simplify the risk assessment process for those practices that are looking for an alternative to doing it on their own."

Another objective for offering the tool is to help physician practices that are financially constrained to conduct a privacy and security assessment of their health information systems without buying new hardware.

To make it user friendly, clinicians are not required to download files and the application produces comprehensive reports immediately upon the practice completing the assessment. The assessment includes identifying potential gaps and providing recommendations for complying with HIPAA rules and HITECH. Vendor and application independent, it can be used with any EHR.

"A critical evaluation that would normally take significant time and resources has been simplified into an easy, user-friendly, step-by-step process," Alexander Laham, corporate compliance and privacy officer at Springfield Medical Care Systems, said in a statement. "We will certainly be using this tool on a regular basis, not just once a year, to gauge our improvement over time and help ensure that our systems are secure and compliant."

Developed by Symantec and currently available exclusively through Allscripts, the Allscripts Privacy & Security Risk Assessment offers several features including:

-- One-stop and one place to complete HIPAA-defined assessment of administrative, technical, and physical safeguards.

-- Automated reporting and gap analysis with recommendations for improvements.

-- A subscription-based model that accommodates the needs and financial parameters of single providers, multiple locations, and enterprise customers.

-- Annual collection and verification of assessment data.

-- Automatic assessment and audit log.

-- Graphical and administrative views of assessment results.

-- Documentation that a privacy and security risk assessment has been performed in accordance with HITECH and HIPAA.

The Healthcare IT Leadership Forum is a day-long venue where senior IT leaders in healthcare come together to discuss how they're using technology to improve clinical care. It happens in New York City on July 12. Find out more.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.