Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Symantec, Allscripts Offer Security Risk Assessment Tool

The Web app automates the review of administrative, technical, and physical safeguards as defined by HIPAA and HITECH.

12 Innovative Mobile Healthcare Apps
(click image for larger view)
Slideshow: 12 Innovative Mobile Healthcare Apps
Information security and system management provider Symantec deepened its reach into the healthcare sector on Wednesday when it unveiled the Allscripts Privacy & Security Risk Assessment, a tool that automates the paper-based process of assessing a medical practice's privacy and security risks.

According to Symantec, the Allscripts Privacy & Security Risk Assessment is a Web-based application that provides physicians with a single place to complete the review of administrative, technical, and physical safeguards as defined by the Health Insurance Portability and Accountability Act (HIPAA).

Doug Havas, vice president of Symantec Healthcare, said in a statement the company understands the unique needs of the healthcare industry as it grapples with the task of protecting patient information.

Havas also said the application makes it easier for physicians to demonstrate that they meet the security requirements of HIPAA and helps them qualify for substantial incentive payments from Medicare or Medicaid.

"The solution also represents a critical step in identifying pain points and mitigating risks so practices can maximize their data security," Havas said.

Physicians applying for Medicare and Medicaid Electronic Health Record (EHR) incentive programs must demonstrate that their practices meet the security requirements under the Health Information Technology for Economic and Clinical Health Act (HITECH) Meaningful Use Stage 1 criteria. And they must conduct a privacy and security risk analysis under HIPAA guidelines.

"Right now, physician practices can either perform the HIPAA risk assessment themselves or hire an onsite consultant to do the analysis," said Lee Shapiro, president of Allscripts. "By working with Symantec, we can now greatly simplify the risk assessment process for those practices that are looking for an alternative to doing it on their own."

Another objective for offering the tool is to help physician practices that are financially constrained to conduct a privacy and security assessment of their health information systems without buying new hardware.

To make it user friendly, clinicians are not required to download files and the application produces comprehensive reports immediately upon the practice completing the assessment. The assessment includes identifying potential gaps and providing recommendations for complying with HIPAA rules and HITECH. Vendor and application independent, it can be used with any EHR.

"A critical evaluation that would normally take significant time and resources has been simplified into an easy, user-friendly, step-by-step process," Alexander Laham, corporate compliance and privacy officer at Springfield Medical Care Systems, said in a statement. "We will certainly be using this tool on a regular basis, not just once a year, to gauge our improvement over time and help ensure that our systems are secure and compliant."

Developed by Symantec and currently available exclusively through Allscripts, the Allscripts Privacy & Security Risk Assessment offers several features including:

-- One-stop and one place to complete HIPAA-defined assessment of administrative, technical, and physical safeguards.

-- Automated reporting and gap analysis with recommendations for improvements.

-- A subscription-based model that accommodates the needs and financial parameters of single providers, multiple locations, and enterprise customers.

-- Annual collection and verification of assessment data.

-- Automatic assessment and audit log.

-- Graphical and administrative views of assessment results.

-- Documentation that a privacy and security risk assessment has been performed in accordance with HITECH and HIPAA.

The Healthcare IT Leadership Forum is a day-long venue where senior IT leaders in healthcare come together to discuss how they're using technology to improve clinical care. It happens in New York City on July 12. Find out more.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9501
PUBLISHED: 2019-10-22
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
CVE-2019-16971
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
CVE-2019-16972
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16973
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2015-9496
PUBLISHED: 2019-10-22
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.